Windows Analysis Report
0442.pdf.exe

Overview

General Information

Sample name: 0442.pdf.exe
renamed because original name is a hash value
Original sample name: .pdf.exe
Analysis ID: 1580649
MD5: 4f6b2b9ee57c50d6c505d0cdada4803e
SHA1: ad7dee6f1f71c4fe6299170a160592f139390e12
SHA256: 62410e8399acf7834c74012783bde3fe9ff244e048141c4a96a65bec06895f37

Detection

Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Connects to many ports of the same IP (likely port scanning)
Enables network access during safeboot for specific services
Enables remote desktop connection
Initial sample is a PE file and has a suspicious name
Uses an obfuscated file name to hide its real file extension (double extension)
Uses ping.exe to check the status of other devices and networks
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file contains strange resources
Queries disk information (often used to detect virtual machines)
Queries the installation date of Windows
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 0442.pdf.exe (PID: 3720 cmdline: "C:\Users\user\Desktop\0442.pdf.exe" MD5: 4F6B2B9EE57C50D6C505D0CDADA4803E)
    • msiexec.exe (PID: 5800 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ms.msi" /qn MD5: E5DA170027542E25EDE42FC54C929077)
    • cmd.exe (PID: 5016 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\start.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 3524 cmdline: ping 8.8.8.8 MD5: 2F46799D79D22AC72C241EC0322B011D)
    • Acrobat.exe (PID: 5440 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\doc.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • Acrobat.exe (PID: 6044 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\doc2.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 7216 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 7416 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2060 --field-trial-handle=1552,i,17805124399869270899,13465825051320202542,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • msiexec.exe (PID: 1396 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • ROMFUSClient.exe (PID: 7060 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /siex /silentinstall MD5: 63D0964168B927D00064AA684E79A300)
      • ROMServer.exe (PID: 7444 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /siex /silentinstall MD5: F3D74B072B9697CF64B0B8445FDC8128)
    • ROMFUSClient.exe (PID: 3376 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /firewall MD5: 63D0964168B927D00064AA684E79A300)
      • ROMServer.exe (PID: 5652 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /firewall MD5: F3D74B072B9697CF64B0B8445FDC8128)
    • ROMFUSClient.exe (PID: 7092 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /start MD5: 63D0964168B927D00064AA684E79A300)
      • ROMServer.exe (PID: 7784 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /start MD5: F3D74B072B9697CF64B0B8445FDC8128)
  • svchost.exe (PID: 7284 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • ROMServer.exe (PID: 7464 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" MD5: F3D74B072B9697CF64B0B8445FDC8128)
    • ROMFUSClient.exe (PID: 1732 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 7348 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 4476 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 3408 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 1892 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 7452 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 4476 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 1288 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 5792 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
0000000D.00000000.2157625763.0000000000401000.00000020.00000001.01000000.0000000B.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
0000000E.00000000.2162132291.0000000000401000.00000020.00000001.01000000.0000000C.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
13.0.ROMFUSClient.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
14.0.ROMServer.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

                  System Summary

                  Source: Process started Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Users\user\Desktop\0442.pdf.exe", CommandLine: "C:\Users\user\Desktop\0442.pdf.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\0442.pdf.exe, NewProcessName: C:\Users\user\Desktop\0442.pdf.exe, OriginalFileName: C:\Users\user\Desktop\0442.pdf.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Users\user\Desktop\0442.pdf.exe", ProcessId: 3720, ProcessName: 0442.pdf.exe
                  Source: Process started Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7284, ProcessName: svchost.exe
                  No Suricata rule has matched

                  AV Detection

                  Source: 0442.pdf.exe Virustotal: Detection: 44%
                  Source: 0442.pdf.exe ReversingLabs: Detection: 26%
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\LiteManager Pro - Server\EULA.rtf
                  Source: 0442.pdf.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: 0442.pdf.exe
                  Source: C:\Windows\System32\msiexec.exe File opened: z:
                  Source: C:\Windows\System32\msiexec.exe File opened: x:
                  Source: C:\Windows\System32\msiexec.exe File opened: v:
                  Source: C:\Windows\System32\msiexec.exe File opened: t:
                  Source: C:\Windows\System32\msiexec.exe File opened: r:
                  Source: C:\Windows\System32\msiexec.exe File opened: p:
                  Source: C:\Windows\System32\msiexec.exe File opened: n:
                  Source: C:\Windows\System32\msiexec.exe File opened: l:
                  Source: C:\Windows\System32\msiexec.exe File opened: j:
                  Source: C:\Windows\System32\msiexec.exe File opened: h:
                  Source: C:\Windows\System32\msiexec.exe File opened: f:
                  Source: C:\Windows\System32\msiexec.exe File opened: b:
                  Source: C:\Windows\System32\msiexec.exe File opened: y:
                  Source: C:\Windows\System32\msiexec.exe File opened: w:
                  Source: C:\Windows\System32\msiexec.exe File opened: u:
                  Source: C:\Windows\System32\msiexec.exe File opened: s:
                  Source: C:\Windows\System32\msiexec.exe File opened: q:
                  Source: C:\Windows\System32\msiexec.exe File opened: o:
                  Source: C:\Windows\System32\msiexec.exe File opened: m:
                  Source: C:\Windows\System32\msiexec.exe File opened: k:
                  Source: C:\Windows\System32\msiexec.exe File opened: i:
                  Source: C:\Windows\System32\msiexec.exe File opened: g:
                  Source: C:\Windows\System32\msiexec.exe File opened: e:
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe File opened: c:
                  Source: C:\Windows\System32\msiexec.exe File opened: a:
                  Source: C:\Users\user\Desktop\0442.pdf.exeCode function: 0_2_00007FF7C107B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7C107B190
                  Source: C:\Users\user\Desktop\0442.pdf.exeCode function: 0_2_00007FF7C10640BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7C10640BC
                  Source: C:\Users\user\Desktop\0442.pdf.exeCode function: 0_2_00007FF7C108FCA0 FindFirstFileExA,0_2_00007FF7C108FCA0
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe File opened: C:\Windows\SysWOW64\wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe File opened: C:\Windows\SysWOW64\winspool.drv
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\COMCTL32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe File opened: C:\Windows\SysWOW64\
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe File opened: C:\Windows\SysWOW64\winmm.dll

                  Networking

                  Source: global traffic TCP traffic: 101.99.91.150 ports 5651,8080,1,5,6,80
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe Registry value created: NULL Service
                  Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping 8.8.8.8
                  Source: global traffic TCP traffic: 192.168.2.5:49727 -> 101.99.91.150:5651
                  Source: Joe Sandbox View ASN Name: SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY
                  Source: unknown TCP traffic detected without corresponding DNS query: 101.99.91.150
                  Source: global traffic DNS traffic detected: DNS query: x1.i.lencr.org
                  Source: AledensoftIpcServer.dll.6.drString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                  Source: ROMFUSClient.exe.6.dr, ROMServer.exe.6.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
                  Source: ROMFUSClient.exe.6.dr, ROMServer.exe.6.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
                  Source: ROMFUSClient.exe.6.dr, ROMServer.exe.6.drString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                  Source: svchost.exe, 0000000A.00000002.3302662007.000001D0D94CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                  Source: ROMFUSClient.exe.6.dr, ROMServer.exe.6.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
                  Source: ROMFUSClient.exe.6.dr, ROMServer.exe.6.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
                  Source: ROMFUSClient.exe.6.dr, ROMServer.exe.6.drString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
                  Source: svchost.exe, 0000000A.00000003.2086555237.000001D0DEA70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                  Source: 546b56.rbs.6.dr, English.lg.6.dr, ROMServer.exe.6.drString found in binary or memory: http://litemanager.com/
                  Source: ROMFUSClient.exe, 00000016.00000002.3302145498.0000000001083000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://litemanager.com/03
                  Source: ROMServer.exe, 00000014.00000002.3302222062.0000000001763000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://litemanager.com/03v
                  Source: ROMServer.exe, 00000014.00000002.3302222062.000000000175C000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000016.00000002.3302145498.000000000107C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://litemanager.com/1
                  Source: ROMFUSClient.exe, 0000000D.00000000.2158481704.00000000008E4000.00000002.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000E.00000000.2165096967.00000000009FE000.00000002.00000001.01000000.0000000C.sdmp, ROMFUSClient.exe.6.dr, ROMServer.exe.6.drString found in binary or memory: http://litemanager.ru/
                  Source: ROMServer.exe, 0000000E.00000000.2162132291.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, ROMServer.exe.6.drString found in binary or memory: http://litemanager.ru/noip.txtU
                  Source: AledensoftIpcServer.dll.6.drString found in binary or memory: http://ocsp.comodoca.com0
                  Source: ROMServer.exe.6.drString found in binary or memory: http://ocsp.sectigo.com0
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.drString found in binary or memory: http://ocsp.thawte.com0
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.drString found in binary or memory: http://s2.symcb.com0
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.drString found in binary or memory: http://sv.symcb.com/sv.crt0
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.drString found in binary or memory: http://sv.symcd.com0&
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                  Source: 546b56.rbs.6.drString found in binary or memory: http://www.LiteManagerTeam.com
                  Source: ROMFUSClient.exe, 0000000D.00000000.2157625763.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, ROMFUSClient.exe, 0000000D.00000003.2170228731.0000000002847000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 0000000E.00000003.2166739408.0000000002AF7000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 0000000E.00000000.2162132291.0000000000951000.00000020.00000001.01000000.0000000C.sdmp, ROMFUSClient.exe, 0000000F.00000003.2189567888.00000000028D7000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 00000010.00000003.2187690246.0000000002AA7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000011.00000003.2223646504.00000000028C7000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 00000013.00000003.2219339086.00000000028E7000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 00000014.00000002.3302222062.00000000016C7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000015.00000002.3301602152.0000000002867000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000016.00000002.3302145498.0000000000FE7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000017.00000003.2221809409.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000018.00000003.2234790700.0000000000F17000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000019.00000003.2242119427.0000000002867000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001B.00000003.2261887862.00000000028E7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001D.00000003.2949144637.00000000029D7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001E.00000003.3003945257.0000000002817000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe.6.dr, ROMServer.exe.6.drString found in binary or memory: http://www.indyproject.org/
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.drString found in binary or memory: http://www.symauth.com/cps0(
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.dr String found in binary or memory: http://www.symauth.com/rpa00
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.dr String found in binary or memory: https://d.symcb.com/cps0%
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.dr String found in binary or memory: https://d.symcb.com/rpa0
                  Source: svchost.exe, 0000000A.00000003.2086555237.000001D0DEAE3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
                  Source: svchost.exe, 0000000A.00000003.2086555237.000001D0DEA70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                  Source: ROMFUSClient.exe, 0000000D.00000000.2157625763.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000E.00000000.2162132291.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, ROMFUSClient.exe.6.dr, ROMServer.exe.6.dr String found in binary or memory: https://litemanager.com/romversion.txt
                  Source: ROMFUSClient.exe, 0000000D.00000000.2157625763.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000E.00000000.2162132291.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, ROMFUSClient.exe.6.dr, ROMServer.exe.6.dr String found in binary or memory: https://litemanager.com/soft/pro/ROMServer.zip
                  Source: ROMFUSClient.exe.6.dr, ROMServer.exe.6.dr String found in binary or memory: https://sectigo.com/CPS0

                  System Summary

                  Source: initial sample Static PE information: Filename: 0442.pdf.exe
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C105C2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7C105C2F0
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\546b54.msi
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{71FFA475-24D5-44FB-A51F-39B699E3D82C}
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6F1C.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ARPPRODUCTICON.exe
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ROMServer.exe_9D09B2BC25A2414CBD848E2B75898676.exe
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\UNINST_Uninstall_L_78AA5B6662514D94A847D6C603AF0895.exe
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\stop_server_51B516B87C64408FA3C56354EA2277C2.exe
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\config_server_B6BD2967C67B44649764F06ADFFD6458.exe
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\546b57.msi
                  Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                  Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\546b57.msi
                  Source: ROMViewer.exe.6.dr Static PE information: Resource name: RT_VERSION type: Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: ROMServer.exe.6.dr Static PE information: Resource name: RT_VERSION type: Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: ROMServer.exe0.6.dr Static PE information: Resource name: RT_VERSION type: Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: ROMServer.exe.6.dr Static PE information: Number of sections : 11 > 10
                  Source: ROMFUSClient.exe.6.dr Static PE information: Number of sections : 11 > 10
                  Source: ROMServer.exe0.6.dr Static PE information: Number of sections : 11 > 10
                  Source: ROMViewer.exe.6.dr Static PE information: Number of sections : 11 > 10
                  Source: ROMViewer.exe.6.dr Static PE information: Resource name: RT_RCDATA type: Delphi compiled form 'TfmEditBinaryValue'
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B307A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_IsIcoRes.exe< vs 0442.pdf.exe
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameISRegSvr.dll vs 0442.pdf.exe
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B2FDA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_IsIcoRes.exe< vs 0442.pdf.exe
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B2FDA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSetAllUsers.dll< vs 0442.pdf.exe
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3060000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_IsIcoRes.exe< vs 0442.pdf.exe
                  Source: 0442.pdf.exe, 00000000.00000003.2048989565.00000223B306E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_IsIcoRes.exe< vs 0442.pdf.exe
                  Source: classification engine Classification label: mal88.troj.evad.winEXE@57/92@1/3
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C105B6D8 GetLastError,FormatMessageW,LocalFree,0_2_00007FF7C105B6D8
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C1078624 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00007FF7C1078624
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\LiteManager Pro - Server
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\ROMFUSLocal
                  Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5000:120:WilError_03
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\ROMFUSTray
                  Source: C:\Users\user\Desktop\0442.pdf.exe File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_5529968
                  Source: Yara match File source: 13.0.ROMFUSClient.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 14.0.ROMServer.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0000000D.00000000.2157625763.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
                  Source: Yara match File source: 0000000E.00000000.2162132291.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                  Source: Yara match File source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe, type: DROPPED
                  Source: Yara match File source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe, type: DROPPED
                  Source: Yara match File source: C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exe, type: DROPPED
                  Source: C:\Users\user\Desktop\0442.pdf.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\start.bat" "
                  Source: 0442.pdf.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Users\user\Desktop\0442.pdf.exe File read: C:\Windows\win.ini
                  Source: C:\Users\user\Desktop\0442.pdf.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: 0442.pdf.exe Virustotal: Detection: 44%
                  Source: 0442.pdf.exe ReversingLabs: Detection: 26%
                  Source: C:\Users\user\Desktop\0442.pdf.exe File read: C:\Users\user\Desktop\0442.pdf.exe
                  Source: unknown Process created: C:\Users\user\Desktop\0442.pdf.exe "C:\Users\user\Desktop\0442.pdf.exe"
                  Source: C:\Users\user\Desktop\0442.pdf.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ms.msi" /qn
                  Source: C:\Users\user\Desktop\0442.pdf.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\start.bat" "
                  Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\0442.pdf.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\doc.pdf"
                  Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                  Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping 8.8.8.8
                  Source: C:\Users\user\Desktop\0442.pdf.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\doc2.pdf"
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                  Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2060 --field-trial-handle=1552,i,17805124399869270899,13465825051320202542,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /siex /silentinstall
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Process created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /siex /silentinstall
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /firewall
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Process created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /firewall
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /start
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Process created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /start
                  Source: unknown Process created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe"
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe Process created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe"
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe Process created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: version.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: dxgidebug.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: sfc_os.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: sspicli.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: uxtheme.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: dwmapi.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: riched20.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: usp10.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: msls31.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: windowscodecs.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: textshaping.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: textinputframework.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: coreuicomponents.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: coremessaging.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe Section loaded: ntmarta.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: pcacli.dllJump to behavior
                  Source: C:\Users\user\Desktop\0442.pdf.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: dlnashext.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wpdshext.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: linkinfo.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ntshrui.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: cscapi.dllJump to behavior
                  Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: avicap32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: dsound.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: netutils.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: umpdc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: idndl.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: propsys.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: edputil.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: urlmon.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: iertutil.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: srvcli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: windows.staterepositoryps.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wintypes.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: appresolver.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: bcp47langs.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: slc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: userenv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sppc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: apphelp.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: pcacli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: mpr.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sfc_os.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: apphelp.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: avicap32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: avifil32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: dsound.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: netutils.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: umpdc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: avicap32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: dsound.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: netutils.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: umpdc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: idndl.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: propsys.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: edputil.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: urlmon.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: iertutil.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: srvcli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: windows.staterepositoryps.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wintypes.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: appresolver.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: bcp47langs.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: slc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: userenv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sppc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: pcacli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: mpr.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sfc_os.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: avicap32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: version.dll
                  Source: C:\Users\user\Desktop\0442.pdf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                  Source: Start LM-Server.lnk.6.dr | LNK file: ..\..\..\..\..\..\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                  Source: Uninstall LiteManager - Server.lnk.6.dr | LNK file: ..\..\..\..\..\..\Windows\SysWOW64\msiexec.exe
                  Source: Stop LM-Server.lnk.6.dr | LNK file: ..\..\..\..\..\..\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                  Source: Settings for LM-Server.lnk.6.dr | LNK file: ..\..\..\..\..\..\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                  Source: Window Recorder | Window detected: More than 3 window changes detected
                  Source: 0442.pdf.exe | Static PE information: Image base 0x140000000 > 0x60000000
                  Source: 0442.pdf.exe | Static file information: File size 11409543 > 1048576
                  Source: 0442.pdf.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: 0442.pdf.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: 0442.pdf.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: 0442.pdf.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: 0442.pdf.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: 0442.pdf.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: 0442.pdf.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: 0442.pdf.exe
                  Source: 0442.pdf.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: 0442.pdf.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: 0442.pdf.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: 0442.pdf.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: 0442.pdf.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                  Source: C:\Users\user\Desktop\0442.pdf.exe | File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_5529968
                  Source: 0442.pdf.exe | Static PE information: section name: .didat
                  Source: 0442.pdf.exe | Static PE information: section name: _RDATA
                  Source: ROMViewer.exe.6.dr | Static PE information: section name: .didata
                  Source: ROMFUSClient.exe.6.dr | Static PE information: section name: .didata
                  Source: ROMwln.dll.6.dr | Static PE information: section name: .didata
                  Source: ROMServer.exe.6.dr | Static PE information: section name: .didata
                  Source: HookDrv.dll.6.dr | Static PE information: section name: .didata
                  Source: ROMServer.exe0.6.dr | Static PE information: section name: .didata
                  Source: C:\Users\user\Desktop\0442.pdf.exe | Code function: 0_2_00007FF7C1095156 push rsi; retf 0_2_00007FF7C1095157
                  Source: C:\Users\user\Desktop\0442.pdf.exe | Code function: 0_2_00007FF7C1095166 push rsi; retf 0_2_00007FF7C1095167
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\config_server_B6BD2967C67B44649764F06ADFFD6458.exe
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\stop_server_51B516B87C64408FA3C56354EA2277C2.exe
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\LiteManager Pro - Server\files\ROMServer.exe
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ARPPRODUCTICON.exe
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\LiteManager Pro - Server\HookDrv.dll
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\UNINST_Uninstall_L_78AA5B6662514D94A847D6C603AF0895.exe
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\LiteManager Pro - Server\ROMwln.dll
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\LiteManager Pro - Server\AledensoftIpcServer.dll
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exe
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ROMServer.exe_9D09B2BC25A2414CBD848E2B75898676.exe
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\LiteManager Pro - Server\EULA.rtf
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe | Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\romserver.exe
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server\Start LM-Server.lnk
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server\Uninstall LiteManager - Server.lnk
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server\Stop LM-Server.lnk
                  Source: C:\Windows\System32\msiexec.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server\Settings for LM-Server.lnk

                  Hooking and other Techniques for Hiding and Protection

                  Source: initial sample | Icon embedded in binary file: icon matches a legit application icon: download (132).png
                  Source: Possible double extension: pdf.exe | Static PE information: 0442.pdf.exe
                  Source: C:\Windows\System32\msiexec.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SYSTEM\LiteManager\v3.4\Server\Parameters NoIPSettings
                  Source: C:\Users\user\Desktop\0442.pdf.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\cmd.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Process information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeWindow / User API: threadDelayed 3363
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeWindow / User API: threadDelayed 6450
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\config_server_B6BD2967C67B44649764F06ADFFD6458.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\stop_server_51B516B87C64408FA3C56354EA2277C2.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\LiteManager Pro - Server\files\ROMServer.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ARPPRODUCTICON.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\LiteManager Pro - Server\HookDrv.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\UNINST_Uninstall_L_78AA5B6662514D94A847D6C603AF0895.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\LiteManager Pro - Server\ROMwln.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\LiteManager Pro - Server\AledensoftIpcServer.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ROMServer.exe_9D09B2BC25A2414CBD848E2B75898676.exe
                  Source: C:\Windows\System32\svchost.exe TID: 7468 Thread sleep time: -30000s >= -30000s
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe TID: 7444 Thread sleep count: 41 > 30
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe TID: 7444 Thread sleep time: -205000s >= -30000s
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe TID: 7424 Thread sleep count: 53 > 30
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe TID: 5704 Thread sleep time: -1681500s >= -30000s
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe TID: 5704 Thread sleep time: -3225000s >= -30000s
                  Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
                  Source: C:\Windows\System32\PING.EXE Last function: Thread delayed
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe Last function: Thread delayed
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Last function: Thread delayed
                  Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C107B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7C107B190
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C10640BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7C10640BC
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C108FCA0 FindFirstFileExA,0_2_00007FF7C108FCA0
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C10816A4 VirtualQuery,GetSystemInfo,0_2_00007FF7C10816A4
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe File opened: C:\Windows\SysWOW64\wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe File opened: C:\Windows\SysWOW64\winspool.drv
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\COMCTL32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe File opened: C:\Windows\SysWOW64\
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe File opened: C:\Windows\SysWOW64\winmm.dll
                  Source: ROMFUSClient.exe, 00000019.00000002.2244062342.0000000000B48000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlls
                  Source: svchost.exe, 0000000A.00000002.3304046540.000001D0DA85C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: svchost.exe, 0000000A.00000002.3301674802.000001D0D942B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@
                  Source: ROMFUSClient.exe, 0000000D.00000002.2172961394.0000000000D5C000.00000004.00000020.00020000.00000000.sdmp, ROMServer.exe, 00000014.00000002.3300709299.0000000000D97000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 00000015.00000002.3300252964.0000000000B39000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 00000016.00000002.3300679533.0000000000BA2000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 00000017.00000002.2223673102.0000000000B88000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 00000018.00000002.2236945647.0000000000D98000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001A.00000002.2253413365.0000000000DC8000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001D.00000002.2951004620.0000000000D98000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001E.00000002.3005143922.0000000000B79000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: ROMFUSClient.exe, 0000001B.00000002.2264552423.0000000000C54000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
                  Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C1083170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7C1083170
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C1090D20 GetProcessHeap,0_2_00007FF7C1090D20
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe Process token adjusted: Debug
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /start
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C1083170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7C1083170
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C1082510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7C1082510
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C1083354 SetUnhandledExceptionFilter,0_2_00007FF7C1083354
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C10876D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7C10876D8
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C107B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7C107B190
                  Source: C:\Users\user\Desktop\0442.pdf.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ms.msi" /qn
                  Source: C:\Users\user\Desktop\0442.pdf.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\start.bat" "
                  Source: C:\Users\user\Desktop\0442.pdf.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\doc.pdf"
                  Source: C:\Users\user\Desktop\0442.pdf.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\doc2.pdf"
                  Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping 8.8.8.8
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Process created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /siex /silentinstall
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Process created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /firewall
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Process created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /start
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C10958E0 cpuid 0_2_00007FF7C10958E0
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: GetLocaleInfoW,GetNumberFormatW,0_2_00007FF7C107A2CC
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C1080754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7C1080754
                  Source: C:\Users\user\Desktop\0442.pdf.exe Code function: 0_2_00007FF7C10651A4 GetVersionExW,0_2_00007FF7C10651A4

                  Remote Access Functionality

                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server AllowRemoteRPC
                  [ATT&CK matrix; columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
                  [Behavior graph; ID: 1580649, Sample: 0442.pdf.exe, Startdate: 25/12/2024, Architecture: WINDOWS, Score: 88]

                  Source | Detection | Scanner | Label | Link
                  0442.pdf.exe | 44% | Virustotal | | Browse
                  0442.pdf.exe | 26% | ReversingLabs | Win64.Trojan.Uztuby |
                  Source | Detection | Scanner | Label | Link
                  C:\Program Files (x86)\LiteManager Pro - Server\AledensoftIpcServer.dll | 0% | ReversingLabs | |
                  C:\Program Files (x86)\LiteManager Pro - Server\HookDrv.dll | 0% | ReversingLabs | |
                  C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe | 3% | ReversingLabs | |
                  C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe | 8% | ReversingLabs | |
                  C:\Program Files (x86)\LiteManager Pro - Server\ROMwln.dll | 0% | ReversingLabs | |
                  C:\Program Files (x86)\LiteManager Pro - Server\files\ROMServer.exe | 3% | ReversingLabs | |
                  C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exe | 3% | ReversingLabs | |
                  C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ARPPRODUCTICON.exe | 0% | ReversingLabs | |
                  C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ROMServer.exe_9D09B2BC25A2414CBD848E2B75898676.exe | 0% | ReversingLabs | |
                  C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\UNINST_Uninstall_L_78AA5B6662514D94A847D6C603AF0895.exe | 0% | ReversingLabs | |
                  C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\config_server_B6BD2967C67B44649764F06ADFFD6458.exe | 0% | ReversingLabs | |
                  C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\stop_server_51B516B87C64408FA3C56354EA2277C2.exe | 0% | ReversingLabs | |
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  http://litemanager.ru/ | 0% | Avira URL Cloud | safe |
                  http://litemanager.com/ | 0% | Avira URL Cloud | safe |
                  http://litemanager.com/1 | 0% | Avira URL Cloud | safe |
                  http://www.LiteManagerTeam.com | 0% | Avira URL Cloud | safe |
                  http://litemanager.com/03 | 0% | Avira URL Cloud | safe |
                  http://litemanager.ru/noip.txtU | 0% | Avira URL Cloud | safe |
                  https://litemanager.com/soft/pro/ROMServer.zip | 0% | Avira URL Cloud | safe |
                  http://litemanager.com/03v | 0% | Avira URL Cloud | safe |
                  https://litemanager.com/romversion.txt | 0% | Avira URL Cloud | safe |
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
                  x1.i.lencr.org | unknown | unknown | false | | high
                  Name | Source | Malicious | Antivirus Detection | Reputation
                  http://litemanager.ru/ | ROMFUSClient.exe, 0000000D.00000000.2158481704.00000000008E4000.00000002.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000E.00000000.2165096967.00000000009FE000.00000002.00000001.01000000.0000000C.sdmp, ROMFUSClient.exe.6.dr, ROMServer.exe.6.dr | false | Avira URL Cloud: safe | unknown
                  https://sectigo.com/CPS0 | ROMFUSClient.exe.6.dr, ROMServer.exe.6.dr | false | | high
                  http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0# | ROMFUSClient.exe.6.dr, ROMServer.exe.6.dr | false | | high
                  https://litemanager.com/romversion.txt | ROMFUSClient.exe, 0000000D.00000000.2157625763.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000E.00000000.2162132291.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, ROMFUSClient.exe.6.dr, ROMServer.exe.6.dr | false | Avira URL Cloud: safe | unknown
                  http://ocsp.sectigo.com0 | ROMServer.exe.6.dr | false | | high
                  http://ocsp.thawte.com0 | 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.dr | false | | high
                  http://litemanager.ru/noip.txtU | ROMServer.exe, 0000000E.00000000.2162132291.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, ROMServer.exe.6.dr | false | Avira URL Cloud: safe | unknown
                  http://crl.ver) | svchost.exe, 0000000A.00000002.3302662007.000001D0D94CE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://g.live.com/odclientsettings/ProdV2.C: | svchost.exe, 0000000A.00000003.2086555237.000001D0DEA70000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | ROMFUSClient.exe.6.dr, ROMServer.exe.6.dr | false | | high
                  http://www.LiteManagerTeam.com | 546b56.rbs.6.dr | false | Avira URL Cloud: safe | unknown
                  http://www.indyproject.org/ | ROMFUSClient.exe, 0000000D.00000000.2157625763.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, ROMFUSClient.exe, 0000000D.00000003.2170228731.0000000002847000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 0000000E.00000003.2166739408.0000000002AF7000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 0000000E.00000000.2162132291.0000000000951000.00000020.00000001.01000000.0000000C.sdmp, ROMFUSClient.exe, 0000000F.00000003.2189567888.00000000028D7000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 00000010.00000003.2187690246.0000000002AA7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000011.00000003.2223646504.00000000028C7000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 00000013.00000003.2219339086.00000000028E7000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 00000014.00000002.3302222062.00000000016C7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000015.00000002.3301602152.0000000002867000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000016.00000002.3302145498.0000000000FE7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000017.00000003.2221809409.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000018.00000003.2234790700.0000000000F17000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000019.00000003.2242119427.0000000002867000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001B.00000003.2261887862.00000000028E7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001D.00000003.2949144637.00000000029D7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001E.00000003.3003945257.0000000002817000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe.6.dr, ROMServer.exe.6.dr | false | | high
                  http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | ROMFUSClient.exe.6.dr, ROMServer.exe.6.dr | false | | high
                  http://www.symauth.com/cps0( | 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.dr | false | | high
                  http://litemanager.com/1 | ROMServer.exe, 00000014.00000002.3302222062.000000000175C000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000016.00000002.3302145498.000000000107C000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://g.live.com/odclientsettings/Prod/C: | svchost.exe, 0000000A.00000003.2086555237.000001D0DEAE3000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0 | ROMFUSClient.exe.6.dr, ROMServer.exe.6.dr | false | | high
                  https://litemanager.com/soft/pro/ROMServer.zip | ROMFUSClient.exe, 0000000D.00000000.2157625763.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000E.00000000.2162132291.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, ROMFUSClient.exe.6.dr, ROMServer.exe.6.dr | false | Avira URL Cloud: safe | unknown
                  http://litemanager.com/03 | ROMFUSClient.exe, 00000016.00000002.3302145498.0000000001083000.00000004.00001000.00020000.00000000.sdmp | false
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://crl.thawte.com/ThawteTimestampingCA.crl00442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.drfalse
                                                high
                                                http://www.symauth.com/rpa000442.pdf.exe, 00000000.00000003.2048989565.00000223B3016000.00000004.00000020.00020000.00000000.sdmp, 0442.pdf.exe, 00000000.00000003.2048989565.00000223B3054000.00000004.00000020.00020000.00000000.sdmp, ms.msi.0.drfalse
                                                  high
                                                  http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zROMFUSClient.exe.6.dr, ROMServer.exe.6.drfalse
                                                    high
                                                    http://litemanager.com/546b56.rbs.6.dr, English.lg.6.dr, ROMServer.exe.6.drfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://litemanager.com/03vROMServer.exe, 00000014.00000002.3302222062.0000000001763000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#ROMFUSClient.exe.6.dr, ROMServer.exe.6.drfalse
                                                      high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
8.8.8.8 | unknown | United States | | 15169 | GOOGLEUS | false
101.99.91.150 | unknown | Malaysia | | 45839 | SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY | true
IP
127.0.0.1
                                                      Joe Sandbox version:41.0.0 Charoite
                                                      Analysis ID:1580649
                                                      Start date and time:2024-12-25 15:08:27 +01:00
                                                      Joe Sandbox product:CloudBasic
                                                      Overall analysis duration:0h 7m 32s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:default.jbs
                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                      Number of analysed new started processes analysed:31
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Sample name:0442.pdf.exe
                                                      renamed because original name is a hash value
                                                      Original Sample Name: .pdf.exe
                                                      Detection:MAL
                                                      Classification:mal88.troj.evad.winEXE@57/92@1/3
                                                      EGA Information:
                                                      • Successful, ratio: 50%
                                                      HCA Information:
                                                      • Successful, ratio: 100%
                                                      • Number of executed functions: 69
                                                      • Number of non-executed functions: 93
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .exe
                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                      • Excluded IPs from analysis (whitelisted): 23.218.208.137, 172.64.41.3, 162.159.61.3, 3.233.129.217, 52.22.41.97, 3.219.243.226, 52.6.155.20, 23.218.208.109, 23.195.39.65, 199.232.214.172, 2.19.126.143, 2.19.126.149, 23.56.162.204, 20.12.23.50, 13.107.246.63
                                                      • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, a122.dscd.akamai.net, geo2.adobe.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
                                                      • Execution Graph export aborted for target ROMServer.exe, PID 7464 because there are no executed function
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
09:09:23 | API Interceptor | 2x Sleep call for process: svchost.exe modified
09:09:25 | API Interceptor | 1x Sleep call for process: Acrobat.exe modified
09:09:33 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified
09:09:34 | API Interceptor | 17x Sleep call for process: ROMServer.exe modified
09:09:36 | API Interceptor | 62143x Sleep call for process: ROMFUSClient.exe modified
                                                      No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
bg.microsoft.map.fastly.net | yvaKqhmD4L.exe | Get hash | malicious | Unknown | Browse | 199.232.210.172
 | #U5b89#U88c5#U7a0b#U5e8f_1.1.1.exe | Get hash | malicious | Unknown | Browse | 199.232.210.172
 | IoIB9gQ6OQ.exe | Get hash | malicious | AsyncRAT, PureLog Stealer | Browse | 199.232.210.172
 | eCompleted_419z.pdf | Get hash | malicious | HTMLPhisher | Browse | 199.232.214.172
 | 3FG4bsfkEwmxFYY.exe | Get hash | malicious | FormBook | Browse | 199.232.214.172
 | #U5b89#U88c5#U52a9#U624b1.0.3.exe | Get hash | malicious | Unknown | Browse | 199.232.214.172
 | eCompleted_419z.pdf | Get hash | malicious | Unknown | Browse | 199.232.210.172
 | Onboard Training Checklist v1.1 - Wyatt Young (1).xlsx | Get hash | malicious | Unknown | Browse | 199.232.214.172
 | 94e.exe | Get hash | malicious | Remcos | Browse | 199.232.214.172
 | https://liladelman.com/rental/1218-west-side-road-block-island/ | Get hash | malicious | Unknown | Browse | 199.232.210.172
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY | 94e.exe | Get hash | malicious | Remcos | Browse | 101.99.94.64
 | 94e.exe | Get hash | malicious | Remcos | Browse | 101.99.94.64
 | 0442.pdf.exe | Get hash | malicious | Remcos | Browse | 101.99.94.64
 | file.exe | Get hash | malicious | Invicta Stealer, XWorm | Browse | 101.99.92.189
 | http://www.recorderkorea.com/shop/proc/indb.cart.tab.php?action=ok&tab=today&type=delete&returnUrl=https://23058.hicleanly.ca/uoeujd/shuhsdy/odog/kratos/REDIRECT/Zl2jyY/compliance@yourmom.com | Get hash | malicious | Unknown | Browse | 101.99.81.34
 | lg1wwLsmCX.exe | Get hash | malicious | Unknown | Browse | 101.99.75.174
 | lg1wwLsmCX.exe | Get hash | malicious | Unknown | Browse | 101.99.75.174
 | IFhqcKaIol.lnk | Get hash | malicious | Unknown | Browse | 101.99.75.174
 | Scan_03774843.pdf | Get hash | malicious | Unknown | Browse | 101.99.77.51
 | https://oyatsu-jikan.org/#Z2FyeXRocm93JG5hdGlvbmFsdHViZXN1cHBseS5jb20= | Get hash | malicious | Outlook Phishing, HTMLPhisher | Browse | 101.99.88.67
                                                      No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Program Files (x86)\LiteManager Pro - Server\HookDrv.dll | 0438.pdf.exe | Get hash | malicious | Unknown | Browse |
 | 0438.pdf.exe | Get hash | malicious | Unknown | Browse |
 | gBYz86HSwI.msi | Get hash | malicious | Unknown | Browse |
 | 0438.pdf.exe | Get hash | malicious | Unknown | Browse |
 | 0438.pdf.exe | Get hash | malicious | Unknown | Browse |
 | 0438.pdf.exe | Get hash | malicious | Unknown | Browse |
C:\Program Files (x86)\LiteManager Pro - Server\AledensoftIpcServer.dll | 0438.pdf.exe | Get hash | malicious | Unknown | Browse |
 | 0438.pdf.exe | Get hash | malicious | Unknown | Browse |
 | gBYz86HSwI.msi | Get hash | malicious | Unknown | Browse |
 | 0438.pdf.exe | Get hash | malicious | Unknown | Browse |
 | 0438.pdf.exe | Get hash | malicious | Unknown | Browse |
 | 0438.pdf.exe | Get hash | malicious | Unknown | Browse |
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):23988
                                                                              Entropy (8bit):5.16688071597564
                                                                              Encrypted:false
                                                                              SSDEEP:192:ymC7js8t8t+CqZ+6ySyDy6ylNbywyYylygy2fhWBiBNMBiBNvBiBNq5yoio2YUgj:yH75t8t+CqZ+cNbynfhzOj3IopgpVOVq
                                                                              MD5:046BFFDE4E39A78243B52B813848550F
                                                                              SHA1:B8285903EF11BF3EF67CF6BF27472D7DC837D748
                                                                              SHA-256:5F7C7E058A2E2766A15058BF58E34D01C490D956A77098887E873E5F9496F7A7
                                                                              SHA-512:2DB9EEDDCB59DE391C58E47404842A8FDE8E97E710681052F53FC00EB7E916719C54BA382CF200E8D47EF64DC72753C9C22AFCA4CBB15E7443F5E65EAF3883B2
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):132032
                                                                              Entropy (8bit):6.10195829980833
                                                                              Encrypted:false
                                                                              SSDEEP:3072:sh/1J7RYdzZU4Z5tegH1q888888888888W888888888882zgP:sh/jIZPZ5tJ8888888888888W888888s
                                                                              MD5:C40455A478E0B76521130D9DAAAADC4B
                                                                              SHA1:42DE923D5E36A9F56B002DD66DB245BC44480089
                                                                              SHA-256:308085BC357BF3A3BEE0D662FCC01628E9EE2FFD478AE0F1E7140939AD99B892
                                                                              SHA-512:76ED6D763F603BCAA7FE186C0A7449E614DCDB18036F7587C6E5A11C3F3269E400E3D2062856CC280AC20C094617924783B6C360F25AF66767DCC53C2F3045C9
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Joe Sandbox View:
                                                                              • Filename: 0438.pdf.exe, Detection: malicious, Browse
                                                                              • Filename: 0438.pdf.exe, Detection: malicious, Browse
                                                                              • Filename: gBYz86HSwI.msi, Detection: malicious, Browse
                                                                              • Filename: 0438.pdf.exe, Detection: malicious, Browse
                                                                              • Filename: 0438.pdf.exe, Detection: malicious, Browse
                                                                              • Filename: 0438.pdf.exe, Detection: malicious, Browse
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                                                              Category:dropped
                                                                              Size (bytes):58679
                                                                              Entropy (8bit):4.738446173390891
                                                                              Encrypted:false
                                                                              SSDEEP:768:bkJC7UF9eVWSlBY8Aq9CBGDtD8gX1ZDCZjewbAsCw1vPDQuJPQzusxxeCNHnPPsT:htwqueMZYU
                                                                              MD5:BAED4E7AF33F77350D454B69317EE63B
                                                                              SHA1:2B598774F0C73850A36117F29EA8DAC57BE1C138
                                                                              SHA-256:671D65183C39E53FC1759C45B105A0FBE2D3A216E4099B66D5FCF274EA625E07
                                                                              SHA-512:E740997BDECB8F907A000D01BF3E823898A1289D1DBFAE5BF342D4BCB6FF09D258317955F4FD858FF6B239E5BA08E49E90CDEC06E24DABDB18C1CF2D8943590C
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):89220
                                                                              Entropy (8bit):3.469297258214741
                                                                              Encrypted:false
                                                                              SSDEEP:768:YvozCzKUNNfMnuQhgdXT0Z2BPshK+4aCWpQJ3OEInKDcbztlXnpQbbMv3PI:Yvoz4TXTI2pQCWOJvgXnpQbS3PI
                                                                              MD5:B1C96EF24061BF294CAC6C4C9CBF7757
                                                                              SHA1:5D1B1934091E257B5F1C69B13F5FC1E424348584
                                                                              SHA-256:20DB884523DA62C20F80B8A3BB71E11091B90A443B83C06D8FE2A1BBC00C1C33
                                                                              SHA-512:6E90562FD804F91DDADEF2310551063D34B859FF1CC6E58A41667E9CDA062DCA851C8455882EF47CF3E1A8EC21EBD9F0761F15E54174CC4A95427238CB39BA14
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):201728
                                                                              Entropy (8bit):6.3607488106285075
                                                                              Encrypted:false
                                                                              SSDEEP:3072:rmqdVRkbN1G3OKtVLqKc3IuQquARCASmShKJ:rmyTmNw3zqKcFLRs
                                                                              MD5:1D4F8CFC7BBF374CCC3AAE6045B2133D
                                                                              SHA1:802EDF0B0ED1D0305BCD6688EE3301366FEC1337
                                                                              SHA-256:C04885562F17BAEEFBCD2D4FC29F054EB8A66C44BD015750498C69A912D94C1F
                                                                              SHA-512:68643A30FEA87B2B61AF546F42BF32A25459152C1BCCE5A8A881714139CE828DFE4237874FF1E9CC3B78D6CDBEF7DD45C9F3459C3337D83693C704C274AFFF3E
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Joe Sandbox View:
                                                                              • Filename: 0438.pdf.exe, Detection: malicious, Browse
                                                                              • Filename: 0438.pdf.exe, Detection: malicious, Browse
                                                                              • Filename: gBYz86HSwI.msi, Detection: malicious, Browse
                                                                              • Filename: 0438.pdf.exe, Detection: malicious, Browse
                                                                              • Filename: 0438.pdf.exe, Detection: malicious, Browse
                                                                              • Filename: 0438.pdf.exe, Detection: malicious, Browse
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):61034
                                                                              Entropy (8bit):4.429529654892776
                                                                              Encrypted:false
                                                                              SSDEEP:768:nebbtdP4XFsh6HWiIZTYp7JtMLG54ttg2kGPyWtvQTznCKDMlV2f:ne3KOhTTocL8HnMlV2f
                                                                              MD5:7303B5AE0B8911CEB238DC01419695BE
                                                                              SHA1:22B89BDB8FAEC62BA3E66639E38E6271B593944A
                                                                              SHA-256:88155FB3F0E198AA4A24F9CFECBB83C5A4E081C6EA362BC50294410CB2FB5C50
                                                                              SHA-512:8AE802616AF60BAF214E254F6A55D312DC46B6E3F8BEE5F50E30E372FF38103776278B5FB07A562C2149EEA58107CB427A03B1629F72044AB69D3507E5DFAB15
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):58794
                                                                              Entropy (8bit):3.642324420313977
                                                                              Encrypted:false
                                                                              SSDEEP:768:D+XPobz4qFlRiiXc0HwgHSSxnrKT7nke7GShFBy/x97fuTLY57aC7I/Fj:yPQMw1ZOT7kef1y/X7fuTq4j
                                                                              MD5:606DC375E898D7221CCB7CEB8F7C686B
                                                                              SHA1:26DCF93876C89283623B8150C1B79EDB24B6A7EC
                                                                              SHA-256:F442E440580EA35040E35BF1D85A118E7C182FDE0B9BA2A3C1816DEAB5F822BB
                                                                              SHA-512:9FBC42165B51A2020D2DA2FFE33287A4F3AA33639126813B290D329D47C4F4DA8F297A47AF3C1F63AF6F9E1BA47ACE840BC1660D603E17589E5DB6DDA0E1E5B1
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with very long lines (305), with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):87912
                                                                              Entropy (8bit):4.303374267443204
                                                                              Encrypted:false
                                                                              SSDEEP:768:VUlHxa/yEOYEJNHWjlUu1pZ26ER2nkUTbfk74Q:aNxWREb4lUu1P29R2JbfC4Q
                                                                              MD5:3FC082E8F516EAD9FC26AC01E737F9EF
                                                                              SHA1:3B67EBCE4400DDCF6B228E5668F3008561FB8F21
                                                                              SHA-256:3DC0CEAE11F445B57B17B7C35A90B5133E313CF6B61550AB418252C5B8089C99
                                                                              SHA-512:9A9D20AF2F8C27056F58AB5A9C687F5124CE5F6D563E396C9558331FB8BE48E88E148B1FDC548A5EBDEDB451E3D89F2F96856F3BBFD695691D5687599F376421
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):6307408
                                                                              Entropy (8bit):6.5944937257467116
                                                                              Encrypted:false
                                                                              SSDEEP:98304:NwiA/GmKEt3LQ7V8z3uHWkd49GMdqOxaB:NOGmKEt31kd2dqwaB
                                                                              MD5:63D0964168B927D00064AA684E79A300
                                                                              SHA1:B4B9B0E3D92E8A3CBE0A95221B5512DED14EFB64
                                                                              SHA-256:33D1A34FEC88CE59BEB756F5A274FF451CAF171A755AAE12B047E678929E8023
                                                                              SHA-512:894D8A25E9DB3165E0DAAE521F36BBD6F9575D4F46A2597D13DEC8612705634EFEA636A3C4165BA1F7CA3CDC4DC7D4542D0EA9987DE10D2BC5A6ED9D6E05AECB
                                                                              Malicious:false
                                                                              Yara Hits:
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe, Author: Joe Security
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):7753808
                                                                              Entropy (8bit):6.615075046955521
                                                                              Encrypted:false
                                                                              SSDEEP:98304:D4/WZQ7lc63BJGS1VFeIEll251o7+YcMBk2VVyN/RTfCAFIqOx9N:DXQ7SIEXeMBk2V4N/Nq2Iqw9N
                                                                              MD5:F3D74B072B9697CF64B0B8445FDC8128
                                                                              SHA1:8408DA5AF9F257D12A8B8C93914614E9E725F54C
                                                                              SHA-256:70186F0710D1402371CE2E6194B03D8A153443CEA5DDB9FC57E7433CCE96AE02
                                                                              SHA-512:004054EF8CDB9E2FEFC3B7783574BFF57D6D5BF9A4624AD88CB7ECCAE29D4DFD2240A0DC60A14480E6722657132082332A3EC3A7C49D37437644A31E59F551AF
                                                                              Malicious:true
                                                                              Yara Hits:
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe, Author: Joe Security
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):999944
                                                                              Entropy (8bit):6.626732213066839
                                                                              Encrypted:false
                                                                              SSDEEP:12288:SA9+TVJdg0YMgqAahyv0jKdTq4lrBhqSq/rt8VwGFrt:SRho0lgqA6yvnrBhq/rQDt
                                                                              MD5:ED32E23322D816C3FE2FC3D05972689E
                                                                              SHA1:5EEA702C9F2AC0A1AADAE25B09E7983DA8C82344
                                                                              SHA-256:7F33398B98E225F56CD287060BEFF6773ABB92404AFC21436B0A20124919FE05
                                                                              SHA-512:E505265DD9D88B3199EB0D4B7D8B81B2F4577FABD4271B3C286366F3C1A58479B4DC40CCB8F0045C7CD08FD8BF198029345EEF9D2D2407306B73E5957AD59EDF
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):94772
                                                                              Entropy (8bit):4.284840986247552
                                                                              Encrypted:false
                                                                              SSDEEP:768:r1kyTyZFOTb6QeZGJXYbFAMrKARuZk7FRwZoFTa2n:rn+2iZGhYbK4KARpAoFTa2n
                                                                              MD5:0E204FABE68B4B65ED5E0834651FB732
                                                                              SHA1:B338A6E54AA18F3F8A573580520F16C74A51F3D2
                                                                              SHA-256:302373D81F0AE15589206420CB01A266804C9FD1C1FF0D6E09CE6BA3FEF92B64
                                                                              SHA-512:AAD76F6A76DC693D959389CE471BC585D0DA72737FED99F42F219FDC7C71617C00E8003A467092E12820A359D672C6FB80D99772F3F6433923B2ABB7EEA40F08
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):7752272
                                                                              Entropy (8bit):6.615186281886958
                                                                              Encrypted:false
                                                                              SSDEEP:98304:y4/WZQ7lc63BJGS1VFeIEll251o7+YcMBk2VVyN/RTfCEFIqOxJn:yXQ7SIEXeMBk2V4N/NqiIqwJn
                                                                              MD5:84FB34E529BEDE393A3F604EAA8137B2
                                                                              SHA1:195EA03B7BD086454A13C0D8357E0A9E447D9EC9
                                                                              SHA-256:1E396C4066AC8F421A54893442A0D76C4F8D4146E63825D67DFC0DA782E73EE5
                                                                              SHA-512:A48A80D62E588667B4C891CDED279BABFFA5FB4FDF092F345212F81D29A9ACAA06E6DB27B49DC601909409A3C82AA9272BCDF90D0AE1738E83E80D9FCA4D93E6
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):11361360
                                                                              Entropy (8bit):6.496049600782297
                                                                              Encrypted:false
                                                                              SSDEEP:98304:AshiRp5hPI7N9sSA5wbZXJOu/0uOXZYfmQYanSjS+cWuNOlQpgfYLyPsd+QgBBP5:Al5hPwgvyAjDjS+igfgym+bHJxmK
                                                                              MD5:B0E355EC3453C8FFAEE08CD4257E96F2
                                                                              SHA1:0FA023CA8F1C1ECDADDE3DD3BD551870C2D965E2
                                                                              SHA-256:60248BA026064B116E4F94020DABB74DF519F5B4C41379CA19A38D725692CA8E
                                                                              SHA-512:B6004F83FD78EED84BF21611EFA45F2FFADF3625E0A2FDCDAE531B4734A4B886EBFE5EBE990DA42302B7368282D83DFFEF19E71DA8EC4C155EE5C8619AD028DD
                                                                              Malicious:false
                                                                              Yara Hits:
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exe, Author: Joe Security
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                              Process:C:\Windows\System32\svchost.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1310720
                                                                              Entropy (8bit):0.8307375091101513
                                                                              Encrypted:false
                                                                              SSDEEP:1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDugX:gJjJGtpTq2yv1AuNZRY3diu8iBVqF5
                                                                              MD5:684AC256E2D6FCCE14535624C277F63F
                                                                              SHA1:D8A49BFA0CCE072E1A26BB41F15EFBA7F73AAC14
                                                                              SHA-256:5893FE6C555E259D7236EA0052AC8AE991FA456E972AECB58119A2D5B79F7B0C
                                                                              SHA-512:71CBF6BAE93AE1CBDA672A918BB2EDEC249575733D2F51CEF927D9AB0F712454F134F6DC55056B644F38A9B60A907ED0EFBE86BAA6A2B7F474DDCF1D739372CA
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\svchost.exe
                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0x6b0510f4, page size 16384, DirtyShutdown, Windows version 10.0
                                                                              Category:dropped
                                                                              Size (bytes):1310720
                                                                              Entropy (8bit):0.6586281733437332
                                                                              Encrypted:false
                                                                              SSDEEP:1536:xSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:xaza9v5hYe92UOHDnAPZ4PZf9h/9h
                                                                              MD5:A183799DA997295E3B039BB6AAA1BA2B
                                                                              SHA1:DB776CBA56E8011B39960AA2F4E75A0D3D13E05F
                                                                              SHA-256:108E84D46D43418F6DCA1DE4EB5574B9C95F6ABFA668DEE879BBCBAD737BF5BC
                                                                              SHA-512:D7FB9E7294750395A511CDC19BBFBC454D7C4B73A7FE618FE45199A7E55A2AAE47E995BB9B30691C43FA5FEC1A393430099CD8314D19F213C2BB8A17854AB4F4
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\svchost.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):16384
                                                                              Entropy (8bit):0.08082457530178788
                                                                              Encrypted:false
                                                                              SSDEEP:3:/pW/lKYeFpUwultGuAJkhvekl13j8pZ2ll/AllrekGltll/SPj:/pWtKzFmbltrxldU2ll/AJe3l
                                                                              MD5:C90ADBCA3E8A1B76B6A15E61F18FAC77
                                                                              SHA1:4EA2D4B3B686EF6EBB32CE7DCB2E83B3D8921832
                                                                              SHA-256:CC216E3F0EA070DB776F27AFBD4775F0E684E3893DA110000AFBF9F79A90B10A
                                                                              SHA-512:CDA460CC35DF094BE23ABCAD59E2E67123459C1F70B5D6470345EB67E1BFDC7E3BFE8CE3C6E4B8E0A9554E266EE0308BFE91D7BC897302BBF12F2FBE2BED12FE
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Aug 22 18:41:10 2024, mtime=Wed Dec 25 13:09:28 2024, atime=Thu Aug 22 18:41:10 2024, length=7753808, window=hide
                                                                              Category:dropped
                                                                              Size (bytes):2167
                                                                              Entropy (8bit):3.9198801102691694
                                                                              Encrypted:false
                                                                              SSDEEP:48:8o21+dO1XxWKeZd5Y+d5YsP5qoZkmrSUp8JWqoZkmtix:8oIhP9O5qoZbcJWqoZbti
                                                                              MD5:BA906B2473956977777B8EF4F2519302
                                                                              SHA1:E5F1D93703AA24CE1237DB19A1ABFE1A9A759316
                                                                              SHA-256:2FEA03910FF6D0036D8FC4C0CCB18BACD9C9B674BDA6BD444F3341D416CFF925
                                                                              SHA-512:CEE3473A5C4DCEFE03CE731A37CE6BBA511614665D8DF614F0221FAC01F11224CF6420D3F50BC5DD8087FDCC0A2CAFB35B05E2D61BE4A4E7CEE59F4A009DBE10
                                                                              Malicious:false
                                                                              Preview:L..................F.@.. ......=....|....V.....=....PPv..........................P.O. .:i.....+00.../C:\.....................1......Y,q..PROGRA~2.........O.I.Y,q....................V......Yj.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....z.1......Y/q..LITEMA~1..b......Y,q.Y/q....L.........................L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.....h.2.PPv..Y%. .ROMSER~1.EXE..L.......Y%..Y/q....W.........................R.O.M.S.e.r.v.e.r...e.x.e.......l...............-.......k...........Fk.D.....C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe..L.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.\.R.O.M.S.e.r.v.e.r...e.x.e.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.\.../.c.o.n.f.i.g.n.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.7.1.F.F.A.4.7.5.-.2.4.D.5.-.4.4.F.B.-.A.5.1.F.-.3.9.B.6.9.9.E.3.D.8.2.C.}.\
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                              Category:dropped
                                                                              Size (bytes):1890
                                                                              Entropy (8bit):3.1573107695942624
                                                                              Encrypted:false
                                                                              SSDEEP:48:8ddOEPLqd5Y+d5YcCP5q2DT2S0Wq2DTKX7:85LJ9cM5qUoWqUE
                                                                              MD5:5FC67E19699B3F0B2AB7B4B89B0B3F1A
                                                                              SHA1:6F6380DF2EB8C5D30452A846864F001A8B0E473A
                                                                              SHA-256:45451F933B472FA53301D46B7C072AF67E51EC60172E6E9C01E0B308DF78A2F4
                                                                              SHA-512:81C7A9F5683DB54893BD26A6EC1BCBDB17983037668CD996E03934E7708331594195DBF2CCE9EB2B0C0567A9E8B24DD629D40866D49E55C9DF77A864D15744E5
                                                                              Malicious:false
                                                                              Preview:L..................F.@...........................................................P.O. .:i.....+00.../C:\...................z.1...........Program Files (x86).X............................................P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)..."...1...........LiteManager Pro - Server..b............................................L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r...(.h.2...........ROMServer.exe.L............................................R.O.M.S.e.r.v.e.r...e.x.e.......L.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.\.R.O.M.S.e.r.v.e.r...e.x.e.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.\.../.s.t.a.r.t.n.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.7.1.F.F.A.4.7.5.-.2.4.D.5.-.4.4.F.B.-.A.5.1.F.-.3.9.B.6.9.9.E.3.D.8.2.C.}.\.R.O.M.S.e.r.v.e.r...e.x.e._.9.D.0.9.B.2.B.C.2.5.A.2.4.1.4.C.B.D.8.4.8.E.2.B.7.5.8.9.8.6.7.6...e.x.e.........%SystemRoot%\In
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Aug 22 18:41:10 2024, mtime=Wed Dec 25 13:09:28 2024, atime=Thu Aug 22 18:41:10 2024, length=7753808, window=hide
                                                                              Category:dropped
                                                                              Size (bytes):2159
                                                                              Entropy (8bit):3.9044969101902436
                                                                              Encrypted:false
                                                                              SSDEEP:48:8Z21+dO1X+lEeeKeZd5Y+d5Ys5qcxFWT84SslWqcxFWT8cix:8ZIulEe39s5qcxYT8SWqcxYT8ci
                                                                              MD5:B2BA9DFC8CA1224BACC7BF28B8452EC7
                                                                              SHA1:D79545D6779E91B5843B4EEAFC0FEDE89B0FB9F4
                                                                              SHA-256:B3953E51F665F6F16800C0B0EE8430D25B839FC0B29AD5A339A380E237ED6175
                                                                              SHA-512:A9C4F8A584DE2CBF838D94B00D94363ECA54B1413B0C2A1FC6064F04794B1D19D5DB4D3AA63C8CACB1A384516D234A91D6456520085852C1BA7EC391A76AE8FC
                                                                              Malicious:false
                                                                              Preview:L..................F.@.. ......=.....-...V.....=....PPv..........................P.O. .:i.....+00.../C:\.....................1......Y,q..PROGRA~2.........O.I.Y,q....................V......Yj.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....z.1......Y/q..LITEMA~1..b......Y,q.Y/q....L.......................!.L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.....h.2.PPv..Y%. .ROMSER~1.EXE..L.......Y%..Y.q....W.........................R.O.M.S.e.r.v.e.r...e.x.e.......l...............-.......k...........Fk.D.....C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe..L.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.\.R.O.M.S.e.r.v.e.r...e.x.e.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.\.../.s.t.o.p.l.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.7.1.F.F.A.4.7.5.-.2.4.D.5.-.4.4.F.B.-.A.5.1.F.-.3.9.B.6.9.9.E.3.D.8.2.C.}.\.s.t
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Sat Dec 7 08:10:02 2019, mtime=Wed Oct 4 12:50:31 2023, atime=Sat Dec 7 08:10:02 2019, length=59904, window=hide
                                                                              Category:dropped
                                                                              Size (bytes):1953
                                                                              Entropy (8bit):3.8835163778178172
                                                                              Encrypted:false
                                                                              SSDEEP:24:8WoJW08gyr2bJAqwB+sHyjv/+MTyjvejIKZDUHwGS7ke4WTyjvejIKZDUHwwcln0:8WoY0fbKrHOn5qmjlt6ScWqmjltZl5
                                                                              MD5:7AF8D5B7B131E4B00D1716B70485A7FA
                                                                              SHA1:81711A1FCD2EEEECF73F176FAA0BA81F7EB566D6
                                                                              SHA-256:CA2EC145D6269C8CCF804E1C44E302A08859F0D6F9B4676FB2D1ED5A20DB2A4B
                                                                              SHA-512:092E61467400FAA6F62BF3D3458AEEFB3BB6030B19AD31AF6079304BE64179CEBDCD8A8DADCB25898BB66108DEBD336C8256B2C09D03537DE3EFAFBA32190DBD
                                                                              Malicious:false
                                                                              Preview:L..................F.@.. ...25.............25.............................A....P.O. .:i.....+00.../C:\...................V.1.....DW.r..Windows.@......OwH.Y(q....3.......................7.W.i.n.d.o.w.s.....Z.1......Y&q..SysWOW64..B......O.I.Y(q....Y......................W..S.y.s.W.O.W.6.4.....b.2......OBI .msiexec.exe.H......OBIDW.n................|.............m.s.i.e.x.e.c...e.x.e.......N...............-.......M...........Fk.D.....C:\Windows\SysWOW64\msiexec.exe........\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.m.s.i.e.x.e.c...e.x.e.)./.x. .{.7.1.F.F.A.4.7.5.-.2.4.D.5.-.4.4.F.B.-.A.5.1.F.-.3.9.B.6.9.9.E.3.D.8.2.C.}.s.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.7.1.F.F.A.4.7.5.-.2.4.D.5.-.4.4.F.B.-.A.5.1.F.-.3.9.B.6.9.9.E.3.D.8.2.C.}.\.U.N.I.N.S.T._.U.n.i.n.s.t.a.l.l._.L._.7.8.A.A.5.B.6.6.6.2.5.1.4.D.9.4.A.8.4.7.D.6.C.6.0.3.A.F.0.8.9.5...e.x.e.........%SystemRoot%\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\UNINST_Uninstall_L_78AA5B6662514D94A847D6C6
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):294
                                                                              Entropy (8bit):5.18663304067947
                                                                              Encrypted:false
                                                                              SSDEEP:6:Oac/A+q2P92nKuAl9OmbnIFUt8hac/6LAWZmw+hac/6L3VkwO92nKuAl9OmbjLJ:OacY+v4HAahFUt8hacXW/+haciV5LHAR
                                                                              MD5:F8CA855293FFB9129EA264A5CCC711F6
                                                                              SHA1:370C4EA1C8F8981A08C6774F61544D54B339CEE4
                                                                              SHA-256:6F16DED039CA7094ACD78CEF203B7B9DC4196F419392E430C3A6569557942AD5
                                                                              SHA-512:6BCCE34DB9A7624008805B553DD19E7C570DE36B250DD85DF36E0F68CF9A9F1532A90A2FC9763B0310B6A7E26EB3C1D2E825C7F7DFBAED7021AE6FE0EFD83A2D
                                                                              Malicious:false
                                                                              Preview:2024/12/25-09:09:22.777 1c5c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/25-09:09:22.780 1c5c Recovering log #3.2024/12/25-09:09:22.780 1c5c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):294
                                                                              Entropy (8bit):5.18663304067947
                                                                              Encrypted:false
                                                                              SSDEEP:6:Oac/A+q2P92nKuAl9OmbnIFUt8hac/6LAWZmw+hac/6L3VkwO92nKuAl9OmbjLJ:OacY+v4HAahFUt8hacXW/+haciV5LHAR
                                                                              MD5:F8CA855293FFB9129EA264A5CCC711F6
                                                                              SHA1:370C4EA1C8F8981A08C6774F61544D54B339CEE4
                                                                              SHA-256:6F16DED039CA7094ACD78CEF203B7B9DC4196F419392E430C3A6569557942AD5
                                                                              SHA-512:6BCCE34DB9A7624008805B553DD19E7C570DE36B250DD85DF36E0F68CF9A9F1532A90A2FC9763B0310B6A7E26EB3C1D2E825C7F7DFBAED7021AE6FE0EFD83A2D
                                                                              Malicious:false
                                                                              Preview:2024/12/25-09:09:22.777 1c5c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/25-09:09:22.780 1c5c Recovering log #3.2024/12/25-09:09:22.780 1c5c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):338
                                                                              Entropy (8bit):5.140792283089799
                                                                              Encrypted:false
                                                                              SSDEEP:6:Oac/nuBZAVq2P92nKuAl9Ombzo2jMGIFUt8hac/hIAgZmw+hac/hIAIkwO92nKuA:OacPv4HAa8uFUt8hacJa/+hacJm5LHAv
                                                                              MD5:BEB945163C898FB5B0A0A661486A8E4F
                                                                              SHA1:4C215C4447D282D5B8CCFEFA76C85B23813BE3FB
                                                                              SHA-256:8F096465D69DBEAF1C7B30135CE82A2544D8B105F008A61D8FE4DBC255584683
                                                                              SHA-512:F69692A5E57E1E4D0E524F6DB0F46D5DFBBFB64ADCD4EB3C302D32A03345B1990C579616DBF28092152D5895F282905627F568BF2F30EE186046AF8574D333D5
                                                                              Malicious:false
                                                                              Preview:2024/12/25-09:09:22.943 1d40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/25-09:09:22.945 1d40 Recovering log #3.2024/12/25-09:09:22.945 1d40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):338
                                                                              Entropy (8bit):5.140792283089799
                                                                              Encrypted:false
                                                                              SSDEEP:6:Oac/nuBZAVq2P92nKuAl9Ombzo2jMGIFUt8hac/hIAgZmw+hac/hIAIkwO92nKuA:OacPv4HAa8uFUt8hacJa/+hacJm5LHAv
                                                                              MD5:BEB945163C898FB5B0A0A661486A8E4F
                                                                              SHA1:4C215C4447D282D5B8CCFEFA76C85B23813BE3FB
                                                                              SHA-256:8F096465D69DBEAF1C7B30135CE82A2544D8B105F008A61D8FE4DBC255584683
                                                                              SHA-512:F69692A5E57E1E4D0E524F6DB0F46D5DFBBFB64ADCD4EB3C302D32A03345B1990C579616DBF28092152D5895F282905627F568BF2F30EE186046AF8574D333D5
                                                                              Malicious:false
                                                                              Preview:2024/12/25-09:09:22.943 1d40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/25-09:09:22.945 1d40 Recovering log #3.2024/12/25-09:09:22.945 1d40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):508
                                                                              Entropy (8bit):5.047195090775108
                                                                              Encrypted:false
                                                                              SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
                                                                              MD5:70321A46A77A3C2465E2F031754B3E06
                                                                              SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
                                                                              SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
                                                                              SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
                                                                              Malicious:false
                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:JSON data
                                                                              Category:modified
                                                                              Size (bytes):508
                                                                              Entropy (8bit):5.059627391643874
                                                                              Encrypted:false
                                                                              SSDEEP:12:YH/um3RA8sqDesBdOg2Hzcaq3QYiubxnP7E4TfF+:Y2sRdsWdMHK3QYhbxP7np+
                                                                              MD5:435A906276383117F98D6F51C6B7CA28
                                                                              SHA1:A0005A7EB29EC6C770B998ED250F4B5F380B9658
                                                                              SHA-256:8099D587D9FA146FE2EBFE74CFC6FD185B54AFA176B335EDEA1F6B7FFDFBE110
                                                                              SHA-512:1EC70175609F4F7F48193EE00EFA5106C35F3B6E7E489022EFD45ADD5FD120214B8D4B476CF0ECB6B828E2A90FF4BE91343F0605770AA50532F8E0BBCB479393
                                                                              Malicious:false
                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379695775152071","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":625361},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):508
                                                                              Entropy (8bit):5.047195090775108
                                                                              Encrypted:false
                                                                              SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
                                                                              MD5:70321A46A77A3C2465E2F031754B3E06
                                                                              SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
                                                                              SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
                                                                              SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
                                                                              Malicious:false
                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):508
                                                                              Entropy (8bit):5.047195090775108
                                                                              Encrypted:false
                                                                              SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
                                                                              MD5:70321A46A77A3C2465E2F031754B3E06
                                                                              SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
                                                                              SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
                                                                              SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
                                                                              Malicious:false
                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):4099
                                                                              Entropy (8bit):5.238236370379709
                                                                              Encrypted:false
                                                                              SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUKyDoSyr:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL3
                                                                              MD5:9E30FDE00104D232E9DDBD3E74EF46E0
                                                                              SHA1:1512E454459B7C5453E2FBCD0A91CD980530E014
                                                                              SHA-256:102EA716AE9E883808A91665E5BD15B09541672CCDD2700BC4E126C9F836434D
                                                                              SHA-512:451B0C5D92F1D9B101A6A97372DA6FA44F317E81DDBFEA2E6A162B1F85447059459775C810B4448206AB15AB04ABC6A7D79F79EBED9668526B4BC63383279217
                                                                              Malicious:false
                                                                              Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):326
                                                                              Entropy (8bit):5.202721441068377
                                                                              Encrypted:false
                                                                              SSDEEP:6:Oac/azvAVq2P92nKuAl9OmbzNMxIFUt8hac/yuBZAgZmw+hac/VAIkwO92nKuAlG:Oac4Av4HAa8jFUt8hacKOz/+hacV5LHP
                                                                              MD5:DD49B884797767C0BB00B050269C5300
                                                                              SHA1:92A39586A0D204C0DC3C42A4B61E5711022C372F
                                                                              SHA-256:E2ADA28E91B6F4247644648C4ED979EE091C7F4F22D55A8A7D61BB64E246CB75
                                                                              SHA-512:3BDDC3CC8829209D72066EE6B2E6AFEE272600281B270D7C3D8E04C0BD82C42DFA4048AB13FDC1AB8FFAFA4CA543F7B83F3638FC43E015797256DDB9E63C75D2
                                                                              Malicious:false
                                                                              Preview:2024/12/25-09:09:23.287 1d40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/25-09:09:23.327 1d40 Recovering log #3.2024/12/25-09:09:23.336 1d40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:Certificate, Version=3
                                                                              Category:dropped
                                                                              Size (bytes):1391
                                                                              Entropy (8bit):7.705940075877404
                                                                              Encrypted:false
                                                                              SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                              MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                              SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                              SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                              SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                              Category:dropped
                                                                              Size (bytes):71954
                                                                              Entropy (8bit):7.996617769952133
                                                                              Encrypted:true
                                                                              SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):192
                                                                              Entropy (8bit):2.779094196322516
                                                                              Encrypted:false
                                                                              SSDEEP:3:kkFklvNWlltfllXlE/HT8kbhvNNX8RolJuRdxLlGB9lQRYwpDdt:kKJlleT8cNMa8RdWBwRd
                                                                              MD5:2B24A2E824AE278EEA0C325D511AE41D
                                                                              SHA1:3E5784D786324EC116EF64F4AAB1DF64E2D1D530
                                                                              SHA-256:A080949EF915D3B97E3723B1260A13BFDFF3797B76B3DB90311B424EA895C796
                                                                              SHA-512:939DCCEE3F60320E50686BA679466D9145D61BF2C8A00FFDEC983E5B038A6B181AF55263454D6D40A0237911781268C5F0AE3B1B6EEE2886339279E04B475069
                                                                              Malicious:false
                                                                              Preview:p...... .........(...V..(....................................................... ..........W....2...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:data
                                                                              Category:modified
                                                                              Size (bytes):328
                                                                              Entropy (8bit):3.253995428229511
                                                                              Encrypted:false
                                                                              SSDEEP:6:kKfUNlllL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:nUllkDImsLNkPlE99SNxAhUe/3
                                                                              MD5:047492FD1F8BFF8652B4A1968C524763
                                                                              SHA1:020BE298119A2AE0FE603ADBFF8A47FAA19A8365
                                                                              SHA-256:61CD5062D0B2D78CBBCB56A14E93631BB37E9B3EBAA0F36933C6F4FAABDF1FEB
                                                                              SHA-512:92D8B2453AE02DB28151874647A51E2F0869EA59D59736ECE8AE0CBA866044464241F1DBA45EB1F11CCD01529497CF6EFC89C0B4526C4956A05387A3E88A7F8E
                                                                              Malicious:false
                                                                              Preview:p...... .............V..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):295
                                                                              Entropy (8bit):5.342762603677354
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJM3g98kUwPeUkwRe9:YvXKXPGGtHp0YpW71WVGMbLUkee9
                                                                              MD5:4BFBE0076815105A446C5E1E78741211
                                                                              SHA1:1A11BD701507A4A504271B36DA00656FB2F1A859
                                                                              SHA-256:FA72B3EFBDE293AA2046A0795FF9210F31902356F108B942C482B4F19C106E60
                                                                              SHA-512:831D5E7380BD3E1D8E1AB169F896F229D829091C22BD0FF5EF11D7D8C7D2F1C3EF41BB9CDDF23C1039F37D69778AEBDD62390AE0101A880DF232FB60057C53D1
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):294
                                                                              Entropy (8bit):5.283372344686909
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJfBoTfXpnrPeUkwRe9:YvXKXPGGtHp0YpW71WVGWTfXcUkee9
                                                                              MD5:7CC0B4C141854C904F04B7F279F58BDC
                                                                              SHA1:52CBE9B7684698BBF1C9FFC48C7B378733A38575
                                                                              SHA-256:E30283684BA7BD6ABAD4B333E000928305331425CEB9F740D17246B0E4DA2CB1
                                                                              SHA-512:E331251F4DFA5DC72692CBE36B60D7D47870F3D5DC3CEBAFDD32C61200230000DAFAE299EED16519BB8871B4BD578DBE124C5429B1797C9639CEE7107521DFD3
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):294
                                                                              Entropy (8bit):5.261324944686269
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJfBD2G6UpnrPeUkwRe9:YvXKXPGGtHp0YpW71WVGR22cUkee9
                                                                              MD5:DF7E6FCF0A351912A2B911EFA1513817
                                                                              SHA1:9EB1ABC635F3EF88787064791A10FBA692A5463D
                                                                              SHA-256:DBF53D5CEFBB9B3D9199FFC11C3EE32D9DC16EB804F6BDD7E71B83FDD71CD76A
                                                                              SHA-512:02D30E32A084E6319C539AA22A16C613FD38BB4B4E2EFF3319F8D9EDA9FAB513B1020298B07FCDDF5D3E47316195154D6B73916FFBF18D8107A7B499986CA7C5
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):285
                                                                              Entropy (8bit):5.320932646852699
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJfPmwrPeUkwRe9:YvXKXPGGtHp0YpW71WVGH56Ukee9
                                                                              MD5:5EF4AB07D52F7403921CF5C6612103C3
                                                                              SHA1:A350AD78B8EADD7A55C1FB9958F90DF0CB5AC6C8
                                                                              SHA-256:9EDC1221B20C1D8A92761AE3CB5F53BF3CBE9E33507F792D49B6BB6A333E4728
                                                                              SHA-512:CAC5F1F6A931E705211FA97F02B160B938FBA579BCB68870E985869422D13E381B98E8DE7AB44051BAECC7857E9ABE2056AA37A68C3AD47875DD694697757912
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):1123
                                                                              Entropy (8bit):5.695159280051963
                                                                              Encrypted:false
                                                                              SSDEEP:24:Yv6XNfli1XpLgE9cQx8LennAvzBvkn0RCmK8czOCCSX:YvVhhgy6SAFv5Ah8cv/X
                                                                              MD5:08589F3BEE9018DEFE230858E35F13F9
                                                                              SHA1:F91F312AB66BB2F64EE8F129D197FFE6A4E467DF
                                                                              SHA-256:1A6B0996B2DA3837B97F1F14FE716644A91CE5723B9343B5D6FB67592377C2E3
                                                                              SHA-512:839355EF7100B5F507197C63B1571C8695DEA1969F0F0A76ADD7D42A57EE6567BB2D9159BA23DD5D1293FED6139B29FCA3E362E08598050AD4A8CE308288E2DA
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):289
                                                                              Entropy (8bit):5.270894061803214
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJf8dPeUkwRe9:YvXKXPGGtHp0YpW71WVGU8Ukee9
                                                                              MD5:4A0F89DC72F205C7B8C168D9A132AAFE
                                                                              SHA1:587730A3D13836EC44F8F718A7FC0A60E241535F
                                                                              SHA-256:3EF728919815CE36384F45DB8A95434B0D9484DB356DAAD167226060E0A13A16
                                                                              SHA-512:81C9B7816D8AA3546FC7C139851C78B4042AA68845E451212A01D2DF1F9C7CC17B521675E257889318D485056BA2B759C9A5CB2D9ECD8388C2069FB91E5E7128
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):292
                                                                              Entropy (8bit):5.272457294228124
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJfQ1rPeUkwRe9:YvXKXPGGtHp0YpW71WVGY16Ukee9
                                                                              MD5:E29E6CCE88BD6224DEC023E3785F6805
                                                                              SHA1:20F302769BE66F0A5A0762E915F33F15ACFA4122
                                                                              SHA-256:A3467336C4B96C6C7316E2741482AC118238E1E31379B8563CEC63FEFAD92732
                                                                              SHA-512:6E00CD8311C6DD4AD1381D66DE68466B2C977632A00ED90F2FDE53A50C030F666601FA5E5018C3D8DE785E87AD6C66375E75744331988BC5BFBCDB83B27530EE
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):289
                                                                              Entropy (8bit):5.2936776332127256
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJfFldPeUkwRe9:YvXKXPGGtHp0YpW71WVGz8Ukee9
                                                                              MD5:0F7FEFF039E0F8464F493220ACFE7A67
                                                                              SHA1:35C98EBBC922656604141C7170876E05103F9A16
                                                                              SHA-256:2F805DAC5DA46B8AF3ACEB7BFF5C58936B8986032E7DC70423D5CB19A05976A8
                                                                              SHA-512:68CAD6EA83FAE73463C3530F26EE6CA7E74069EC1D1891EAE65261A597C1EEB5E04AA4FAC3E73D9B0FD7EFA1505620FFF26A0F2045683ED809E2606D0EAD8E01
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):295
                                                                              Entropy (8bit):5.299534020645481
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJfzdPeUkwRe9:YvXKXPGGtHp0YpW71WVGb8Ukee9
                                                                              MD5:95C70C05B8428AA503F046AAB87BA9FE
                                                                              SHA1:17099923873FB538B1B9D3E8F7BE665B87716F66
                                                                              SHA-256:4DD59605381E4BB8F2B4B14BF915DE304C05D71A1CF10CD5646FCEC75F48EF3B
                                                                              SHA-512:B44AD4A0FC2C326715D79AFFA25251D4E19ADE559B6CF885FE2111162A69508FB141AC27AD7B29FFE2861867EC42879C7F36F694CF9CD86FDD468E25E5D26050
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):289
                                                                              Entropy (8bit):5.279472258142045
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJfYdPeUkwRe9:YvXKXPGGtHp0YpW71WVGg8Ukee9
                                                                              MD5:88AF43178CFB1182A6C66ED3185865A8
                                                                              SHA1:CC8A9B9DD2C2BDA0FDBB132D4454859B9401E54B
                                                                              SHA-256:8FB028FC4BD58C1D5217BB110058762A6694560320362BA6CD77A5FF8C63CA2A
                                                                              SHA-512:C47C0E5AE8C7BE81BD3199BF49A668B1F80A8B5902A2EA4FDF763F75E30A9585E9F9815960864FA1D3801172F30D01C81A8B9EB557B546A5625BD13BA461653B
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):284
                                                                              Entropy (8bit):5.2648435255259285
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJf+dPeUkwRe9:YvXKXPGGtHp0YpW71WVG28Ukee9
                                                                              MD5:210D291275F92FAAA19811AD0523A4D2
                                                                              SHA1:CF1D5C00A2955DAFEDF6C99F8A87CC1C03E94652
                                                                              SHA-256:BBE2AAE5B2C83AEEE85CBDEB508F7B327EEB5E552DEF0B18A2AB758C6CE4922E
                                                                              SHA-512:2FDFC85EB9182DA4F5388E02D57D15E3714A947E676EE50FEC29C8B2D4457CFC4F6F6CA71E6D527697705A0DF024CD87E1903C176DF53B97BB1DD369419E9D15
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):291
                                                                              Entropy (8bit):5.263160439952389
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJfbPtdPeUkwRe9:YvXKXPGGtHp0YpW71WVGDV8Ukee9
                                                                              MD5:67CA0DE1FA30372AE77E81A1A6E37F9D
                                                                              SHA1:7FF7E28EC929D8100C7731AB3F0F24466F408E45
                                                                              SHA-256:B2F0D8661C83765D78A9260552A781C7EF6CE3A1D41EC6B66C93EC780352EBB4
                                                                              SHA-512:938C204B6048B2A3F16D80F59AC96F88F3F1A629E417EADBACCA4369DE6B3863AAA82F5724C7D9F26C9042E34051B0417833386138F9141610772605CA4A3060
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):287
                                                                              Entropy (8bit):5.264235144022263
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJf21rPeUkwRe9:YvXKXPGGtHp0YpW71WVG+16Ukee9
                                                                              MD5:560CD85ADA3FB8410A87D675A81C56DB
                                                                              SHA1:B64C78BF88E1CFBE4B475CE502C6FCB4C6237B8F
                                                                              SHA-256:297B182D91394C03FBBF632A75BBBD41B3E3C9B4EFEE03E8FF2D2A550158423C
                                                                              SHA-512:D396C9D9B3B52968A0F6598E6750C764E250A08E2B970702FFB188CDCAE05EE7B0191A46B77BD47FE2A07370F8767DD37C01AD8F987968728C63BC93CC6E4887
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):1090
                                                                              Entropy (8bit):5.669196473616994
                                                                              Encrypted:false
                                                                              SSDEEP:24:Yv6XNfli1vamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSX:YvVtBgkDMUJUAh8cvMX
                                                                              MD5:6E8D8BDCE129164006F856005F8816D9
                                                                              SHA1:9D542BD16CDF98BA5C861951C960ADD21E703DC8
                                                                              SHA-256:4FBDC02D84D7AA4F1760C26F8DC39A3F9537D4AE1D18E1C291BEB0974725DB7C
                                                                              SHA-512:F4CD304625220FDC27E3B1F4FBD01A11AB49703C0A4F4693B595B7B9C5B4460978B8DFA2A6470997ED95ECFBC691C250B6CCE248918981BAE1982F839B1E1497
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):286
                                                                              Entropy (8bit):5.240770375131678
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJfshHHrPeUkwRe9:YvXKXPGGtHp0YpW71WVGUUUkee9
                                                                              MD5:D4C077C583D1E7488CA4AC4A53B79788
                                                                              SHA1:13FA49DBBCF577F29B79D8E7A75A2510DB1FEDDE
                                                                              SHA-256:898A7542D1B8E00D059AB2B274D8A8FA3C2A8020C86A671BC4C45647CF43B3E1
                                                                              SHA-512:D4FDD6683C7A943D7E8B6F048E2C9D792B9754D400B08E43DC8B51DE75427E4006ED97BE66367E7D2B34D59F43EB1A36AFAD73A5418CA5F689A2C8F5918010BF
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):282
                                                                              Entropy (8bit):5.248615298773007
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXPGGDgSHpR+FIbRI6XVW7+0YKWeoAvJTqgFCrPeUkwRe9:YvXKXPGGtHp0YpW71WVGTq16Ukee9
                                                                              MD5:2C2199AEF272D45CDA88DD76257DA518
                                                                              SHA1:68C149573682205F114C373F55866373B014EDB4
                                                                              SHA-256:BDC829E95A25B443EE5447DA107291F2171532BA054067DF3A700BD3A039597A
                                                                              SHA-512:434478EB63E83B2A93F6FB6ECCE380C4EE902F072812A353EC7CAE9F40F2F4A47FFE71FF78883D5F108F8BA59BAEB755C54CE6AD881C030525030365FAEE57F1
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"1f3c3104-8320-4f18-81ab-6bc746394748","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735315203858,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):4
                                                                              Entropy (8bit):0.8112781244591328
                                                                              Encrypted:false
                                                                              SSDEEP:3:e:e
                                                                              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                              Malicious:false
                                                                              Preview:....
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):2814
                                                                              Entropy (8bit):5.135250697434126
                                                                              Encrypted:false
                                                                              SSDEEP:24:YK8faBaylgPuz+v4a/x4VIRRWCcb9jFzcj0Sbfj2jZ2LSlCK8ssjT2g5vY9TGcu7:YegGz5uxeIRRwVQLwLsssFVY9K5
                                                                              MD5:996E5346534BB272DE56260AFFE98246
                                                                              SHA1:31AB20D6A004D246BDE097E891B9C231B7F160A2
                                                                              SHA-256:ADE9A47FA149C4C3719EE6C4E5401EA63EF159D26FEB62F9DA5A555860D9018C
                                                                              SHA-512:308094EF8DA724FDCA3B5FCCE3124F67B98E6171C6925F9D0C085CB41BF6B3BF505D3724425930546FA586C29AEF8BE3118059701FBE39C57740BC3E57C28840
                                                                              Malicious:false
                                                                              Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"6daa50fd68d3b6cd883d052d7b324e3d","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1735135773000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"217faadeae76dfca1cef2f42f6c40178","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1735135773000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"56a36e8b800f7cba830a463448dbe66b","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1735135773000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"d7822b065f7750c4469353417c50c871","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1735135773000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"4df31d9aa3756d304ddd6aa52aa157c7","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1735135773000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"d7ce0399b06636d2873e8d60bcc4e84b","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                                                              Category:dropped
                                                                              Size (bytes):12288
                                                                              Entropy (8bit):0.9835068526571208
                                                                              Encrypted:false
                                                                              SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spp+4zJwtNBwtNbRZ6bRZ4u+F:TVl2GL7ms6ggOVpfzutYtp6PC
                                                                              MD5:9E2AA9516C3ACCBBCD33CB7188BFA383
                                                                              SHA1:ABAE6767888582DE595FCD9CBDC0DDA47599FE00
                                                                              SHA-256:2DB8BFA603C7AEFCB2F3A1E764AD6AA84E1946B68C46EDDFC410145153FD0C14
                                                                              SHA-512:C69CDBCB793899065E3F1EF6CD7A6556128583D9C5B873902E9C79C2E2FC05520FC5C9007C2D5B8BDE8AE88B58E0EBE55F4602A2B5DE7084DB3C7D5EF438E8F7
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:SQLite Rollback Journal
                                                                              Category:dropped
                                                                              Size (bytes):8720
                                                                              Entropy (8bit):1.3367909896970156
                                                                              Encrypted:false
                                                                              SSDEEP:24:7+tZAD1RZKHs/Ds/Spp+PzJwtNBwtNbRZ6bRZWf1RZKbqLBx/XYKQvGJF7urs8:7MZGgOVpozutYtp6PMyqll2GL7ms8
                                                                              MD5:194477A5ADA6E9A45B3DFAD01FD1BCB7
                                                                              SHA1:E2A805B602EDEE915B9B025D4414F202AE92FFEE
                                                                              SHA-256:15F74690BBDDCE57F0209E898A2A5BEEDBE787812A43AC11A01F05178D071768
                                                                              SHA-512:B149117597935C22C6D41517057131E96E3E6227A45B95732140F210B395C2802DA34B5D5FEB3614ED050295F8AE0B87ECEFF4887FB8EB1B7036D8C933EDFFFF
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):66726
                                                                              Entropy (8bit):5.392739213842091
                                                                              Encrypted:false
                                                                              SSDEEP:768:RNOpblrU6TBH44ADKZEgZ2Ejzzjgal5H1QGI7E1iBmupyFYyu:6a6TZ44ADEZ2E3zjga/Hxu0FK
                                                                              MD5:9DAAA44C03CFCDC739FBA7461033F705
                                                                              SHA1:5170A9106D59433360F585C433191D7B6D737A77
                                                                              SHA-256:F345BD495557B6B9CA1B8733FF23E5CC1503FB44542113E25F97DAE4B8DE30E3
                                                                              SHA-512:197591FB75138B0FBF98FEF272B83C53DB39BEF8B1127AA919C27275D1BC99DDD6762311B2186529BEEFE26D97AA7787A9C973263F9AFA40FEE4EC239969EF1E
                                                                              Malicious:false
                                                                              Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:ASCII text, with very long lines (393)
                                                                              Category:dropped
                                                                              Size (bytes):16525
                                                                              Entropy (8bit):5.376360055978702
                                                                              Encrypted:false
                                                                              SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                                                                              MD5:1336667A75083BF81E2632FABAA88B67
                                                                              SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                                                                              SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                                                                              SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                                                                              Malicious:false
                                                                              Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):15114
                                                                              Entropy (8bit):5.338105224029145
                                                                              Encrypted:false
                                                                              SSDEEP:384:UjnWXX78Vn8mi2BXBnEfBuLOmZmM+bngKhF5bPLZvRNUacs+u5zZIPIFw3ZNhsMN:aRr
                                                                              MD5:1EF3B948DDBCBA7EC555E8415D8380AE
                                                                              SHA1:74739B4F0781A3891813DC5FA6CA29C194136BE5
                                                                              SHA-256:548D73DDC6CBDD1C19D31874A04843D7E4DC34BEE0E201293AD085FEAA5195C7
                                                                              SHA-512:8BAFE4D43A073503A7CB6BE4203354273E52894AC1406B053051D1B0582AA5A0D186974B65E7AA59F89F3B1AD7764D9D62D79782957C66BCD7AC67E7DAAFE6E9
                                                                              Malicious:false
                                                                              Preview:SessionID=5e1ed2c8-c0f8-45ae-b544-8e8b19ada2eb.1735135765063 Timestamp=2024-12-25T09:09:25:063-0500 ThreadID=7208 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=5e1ed2c8-c0f8-45ae-b544-8e8b19ada2eb.1735135765063 Timestamp=2024-12-25T09:09:25:066-0500 ThreadID=7208 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=5e1ed2c8-c0f8-45ae-b544-8e8b19ada2eb.1735135765063 Timestamp=2024-12-25T09:09:25:066-0500 ThreadID=7208 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=5e1ed2c8-c0f8-45ae-b544-8e8b19ada2eb.1735135765063 Timestamp=2024-12-25T09:09:25:066-0500 ThreadID=7208 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=5e1ed2c8-c0f8-45ae-b544-8e8b19ada2eb.1735135765063 Timestamp=2024-12-25T09:09:25:066-0500 ThreadID=7208 Component=ngl-lib_NglAppLib Description="SetConf
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):29752
                                                                              Entropy (8bit):5.398423177464255
                                                                              Encrypted:false
                                                                              SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbq:u
                                                                              MD5:D03D1F80392EAFC0BA7B40BFD09CB2F9
                                                                              SHA1:146DE7F2CED356FCBC6C416310B40A3D85719FF3
                                                                              SHA-256:67C5CDA88D142F021FB5930F7FB662D759D5010C7FC175CB3ED18B4C4A121A07
                                                                              SHA-512:986509175C94215BD8ADF7D880874AF0BA8A2814970DC26EED1538BFA1E4172AD6C0FB6B884C8D06B07017F2A1FF649DF9FE88B32F2E52E1696768AE5358E707
                                                                              Malicious:false
                                                                              Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                              Category:dropped
                                                                              Size (bytes):386528
                                                                              Entropy (8bit):7.9736851559892425
                                                                              Encrypted:false
                                                                              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                              MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                              Category:dropped
                                                                              Size (bytes):1419751
                                                                              Entropy (8bit):7.976496077007677
                                                                              Encrypted:false
                                                                              SSDEEP:24576:/xA7owWLcGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLcGZtwZGk3mlind9i4ufFXpAXkru
                                                                              MD5:A46246FAEAB95D87F5B4FE236C2B3D3E
                                                                              SHA1:7F018DB9238A63FEAD8D11A92297E7366058A75A
                                                                              SHA-256:7E822FECC47177C5A7F4C250E7D53509D104DE68B0D0CE9445877B508400988E
                                                                              SHA-512:8AAB79958BF39F014FBA7F69287FE0C357746E63FA3482DE3231BDF4A97B964A0815DAF7BFE9751C55BA6BE618E0A964CEB23FC30B4FA9DFEB284F42EBA897BF
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
                                                                              Category:dropped
                                                                              Size (bytes):1407294
                                                                              Entropy (8bit):7.97605879016224
                                                                              Encrypted:false
                                                                              SSDEEP:24576:/yowYIGNP4bdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oBGZd:twZG6b3mlind9i4ufFXpAXkrfUs0qWLa
                                                                              MD5:8D04FDC5022E491B91EC6B32F003430B
                                                                              SHA1:6619D46E06076B5669D4CC677D6D8F638189E46A
                                                                              SHA-256:7682C53053D66EF0B1A89335C88C4420226B10AFAC87A286E6E1A6BC795FEE61
                                                                              SHA-512:AA96FA56D3C5C4200BAA917D3091ADB1A5FAE7D534DD9C909D8B60AE13E902D6B71D42C2823319483414987E4B41079FA241B3D0A384EE4B281B63F834917E7D
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                              Category:dropped
                                                                              Size (bytes):758601
                                                                              Entropy (8bit):7.98639316555857
                                                                              Encrypted:false
                                                                              SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                              MD5:3A49135134665364308390AC398006F1
                                                                              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\0442.pdf.exe
                                                                              File Type:PDF document, version 1.7, 6 pages
                                                                              Category:dropped
                                                                              Size (bytes):85137
                                                                              Entropy (8bit):7.7513343990244366
                                                                              Encrypted:false
                                                                              SSDEEP:1536:eyetDLuxUTpyWbzUGW7EmvP95imdqYKq6i97idLfnk:eyetMk1tCPfimdsq6ididL8
                                                                              MD5:17A9D7D59ED8076A38B9E48533A01A10
                                                                              SHA1:1EC63D0BECCCBCE15277A3C227E787131C1E8F74
                                                                              SHA-256:631C4D8C4D0DE76F18712484358E532BE32F2FA2F92D7FAB026406C346ACBCDA
                                                                              SHA-512:E3C8AD153864482AC0BDE7445DAFFF1DAC9DCBC48D83C99169388C2EEE832EDDB02B4A2553F60D81E93674F76880544F4C10F05098830E7931518D14DF1DCFED
                                                                              Malicious:false
                                                                              Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(ru) /StructTreeRoot 37 0 R/MarkInfo<</Marked true>>/Metadata 351 0 R/ViewerPreferences 352 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 6/Kids[ 3 0 R 26 0 R 28 0 R 30 0 R 32 0 R 34 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 12 0 R/F3 14 0 R/F4 19 0 R/F5 24 0 R>>/ExtGState<</GS10 10 0 R/GS11 11 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 595.32 841.92] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 1237>>..stream..x..Ko.6.....w.1)`...C.....Z4...r.z.!..F....J...).+.`.k...>....o4....._........V..<>.7_..>.=.T.6....h3...A.e+..U`...o_..O?.......{P....m..>m..`5..g......{w.F=......!L.w.....6.iLK.._..O.]...a.S..F...I....~.x.nL......}.;J|..>....d..L.....=...QB[.4p^[..t.dB...!.=.......v...]h.0F.......C....5&B....Yoz.n....c[W<........'. .1.9?...m.).hG.)!Zm...:..K(I.d...\..s..%.
                                                                              Process:C:\Users\user\Desktop\0442.pdf.exe
                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: LiteManager - Server 5.0 installation package, Comments: This installer contains the logic and data to install LiteManager Pro - Server 5.0, Keywords: Installer,MSI,Database, Subject: LiteManager Pro - Server, Author: LiteManagerTeam, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Thu Aug 22 15:43:08 2024, Create Time/Date: Thu Aug 22 15:43:08 2024, Last Printed: Thu Aug 22 15:43:08 2024, Revision Number: {9EF586E9-112B-4AAE-B439-5B62B7A0B1DE}, Code page: 0, Template: Intel;0,1033,1049
                                                                              Category:dropped
                                                                              Size (bytes):11553792
                                                                              Entropy (8bit):7.938196666665725
                                                                              Encrypted:false
                                                                              SSDEEP:196608:cJg0ov2gTGOk/J1yr/A9ODMlWyFISx8/191nYHiT88o8En03yEoH8WkJDFa:CRJoLA9OIlWy58/19J+iYNPEoHg0
                                                                              MD5:B02F581793BE146506FACC3C6AEEBC32
                                                                              SHA1:DB1CB3BD3744C77E6E3253CF4480E177A358669A
                                                                              SHA-256:1666B1C2AE1AF47B252ABBC69C80281F81A7EA979F1D784FADC19ED6FEEC59F0
                                                                              SHA-512:8113F897F5936F6393746635D2BEDCEB410DBD1F825DF28C65D96EC3390509755E63E01C5311EC0A78B2FF48579D634C5D77CED80FBA01B68D2E9A08223B8E0A
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\0442.pdf.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):130
                                                                              Entropy (8bit):4.924404357134264
                                                                              Encrypted:false
                                                                              SSDEEP:3:mKDb2nppLJTXZkRErG+fyM1K/RFofD6ANntch9wQn:hb4ZGaH1MUmy2Nn
                                                                              MD5:AA3AAB4A5BCA1D06B08C6F5D6362A5D0
                                                                              SHA1:486D423A2B689CC119CE95DFCDC018C7B552FA24
                                                                              SHA-256:A0A569883E851B4B965088F9ED9F9FBA80803B47AC6E6DD4B07DF60435184CD4
                                                                              SHA-512:2B5F84DFB399F313D11A8BFA2F3F3338CF69711D5C7B6D86E7F876C8B64DB3A664D1E3E4A4A4B0066A6949DE4E64CBA416A40BE56461556F9216EE82DE23D913
                                                                              Malicious:false
                                                                              Preview:@echo of..ping 8.8.8.8..cls..del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server\*.*" /q..cls..exit
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: LiteManager - Server 5.0 installation package, Comments: This installer contains the logic and data to install LiteManager Pro - Server 5.0, Keywords: Installer,MSI,Database, Subject: LiteManager Pro - Server, Author: LiteManagerTeam, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Thu Aug 22 15:43:08 2024, Create Time/Date: Thu Aug 22 15:43:08 2024, Last Printed: Thu Aug 22 15:43:08 2024, Revision Number: {9EF586E9-112B-4AAE-B439-5B62B7A0B1DE}, Code page: 0, Template: Intel;0,1033,1049
                                                                              Category:dropped
                                                                              Size (bytes):11553792
                                                                              Entropy (8bit):7.938196666665725
                                                                              Encrypted:false
                                                                              SSDEEP:196608:cJg0ov2gTGOk/J1yr/A9ODMlWyFISx8/191nYHiT88o8En03yEoH8WkJDFa:CRJoLA9OIlWy58/19J+iYNPEoHg0
                                                                              MD5:B02F581793BE146506FACC3C6AEEBC32
                                                                              SHA1:DB1CB3BD3744C77E6E3253CF4480E177A358669A
                                                                              SHA-256:1666B1C2AE1AF47B252ABBC69C80281F81A7EA979F1D784FADC19ED6FEEC59F0
                                                                              SHA-512:8113F897F5936F6393746635D2BEDCEB410DBD1F825DF28C65D96EC3390509755E63E01C5311EC0A78B2FF48579D634C5D77CED80FBA01B68D2E9A08223B8E0A
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):292994
                                                                              Entropy (8bit):4.840236244901062
                                                                              Encrypted:false
                                                                              SSDEEP:3072:Syoy2KjcC2jcmFDX/vjcJGUjcmFDX/rjcmFDX/dZ+cNbynfZ:Syoy25DXmNDXLDXX+cNbynfZ
                                                                              MD5:4E9BC97A6787F34AEEF776CF3C2AA5C1
                                                                              SHA1:DE3F67B85A4F8083B4BF1AEE4BDFE12BBD8C5108
                                                                              SHA-256:2D280A0D3E80F3C249E4C2B6CFAF78F69D0674FF41D794138BAB4DF66D08D822
                                                                              SHA-512:79D2C4E430DD41F0A0717C358E033102ABB262C30AB62D2CD6C37F7C3CE630E38D0A6A5397640BC810D3A6F33DA43F39F0233FABAE5F75759DA7A05279B9E2A4
                                                                              Malicious:false
                                                                              Preview:...@IXOS.@.....@,I.Y.@.....@.....@.....@.....@.....@......&.{71FFA475-24D5-44FB-A51F-39B699E3D82C}..LiteManager Pro - Server..ms.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{9EF586E9-112B-4AAE-B439-5B62B7A0B1DE}.....@.....@.....@.....@.......@.....@.....@.......@......LiteManager Pro - Server......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{3244CDE6-6414-4399-B0D5-424562747210}0.C:\Program Files (x86)\LiteManager Pro - Server\.@.......@.....@.....@......&.{4D4D18AA-F74D-4291-B5A9-93C3CC48B75F}5.C:\Program Files (x86)\LiteManager Pro - Server\Lang\.@.......@.....@.....@......&.{641F154A-FEEF-4FA7-B5BF-414DB1DB8390}C.C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exe.@.......@.....@.....@......&.{26EAB54E-4659-47E8-86F9-4CB74F7E03BE}0.C:\Program Files (x86)\LiteManager Pro - Server\.@.......@.....@.....@......&.{596F4636-5D51-49F
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):20480
                                                                              Entropy (8bit):1.1606991732464857
                                                                              Encrypted:false
                                                                              SSDEEP:12:JSbX72FjFAGiLIlHVRpBh/7777777777777777777777777vDHFfbe2vtJW4pOlN:JrQI5V9dviGF
                                                                              MD5:9919BE79CDAFD16F8630DD829A24FF3B
                                                                              SHA1:321473B910870BD86F2A43F096A91B4BD8565301
                                                                              SHA-256:E048D73E34C2E2B94A4EE92E8BDEA0B1707F91FEC4FDB5A3089FA8396B23B8A0
                                                                              SHA-512:9850A8A36D84B0CC3B32BC6DF3E7EA2EB2AF4C696DF3CA69BD65A88510CB23274E33FD39D332B69B5BD099D2BCF9C2248D9B61AA5C22F50C0031A85903B4F24F
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):20480
                                                                              Entropy (8bit):1.7875340660776278
                                                                              Encrypted:false
                                                                              SSDEEP:48:y8PhIuRc06WXJMnT5WXcYhymSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5Y3s4SBmlOd3:dhI1vnTNYLm0WlfPuRqW0WlfAR/
                                                                              MD5:8B39400331DE43434B8853545CCC5E88
                                                                              SHA1:DC3FC36162416E70ABC03D887A6BB87D163846D2
                                                                              SHA-256:2C9C910010E0FCE4C56DF6B36DA48DA4BE8F01D808520242BF0D4B216ED53E3F
                                                                              SHA-512:C641D41A32AB1AB2CC5A2A6CEF77BB230EBA1049B4974E44E66B1A7CF58BCBE8009DD221BF50EAFD4BF0AC34710F73182C606DA940EA194F242845DB7BD8E446
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):53248
                                                                              Entropy (8bit):4.351781833522881
                                                                              Encrypted:false
                                                                              SSDEEP:384:AvFMAyDNOdTdFCxfrwntajXjDWLi9Y+C5vy/Q1nDcZUNeLNek+vDFNe+TNy:+MAyYdTmPJbgqcnDcCNy
                                                                              MD5:CA680899D9330BEB85E6351E6DC0D27B
                                                                              SHA1:41E89E582F58FB2A4ED06FA3BF796A1DAAC5CB6C
                                                                              SHA-256:EAB5DC45781E92CD5CF953016757B1E6F2ED7A0B5A97CC0945B19A8FBC1A85F2
                                                                              SHA-512:3817BD6EC345F96631E6CBF6C8DD384ACB17D912B1EC69D959F3AA15C05226D5FE3B5E9807D42D0E63589AABCEADFBE8BD5F293D8069DF689D12498E05842286
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L...J&uU.................@...................P....@.........................................................................4T..(........0...........................................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc....0.......@..................@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):57344
                                                                              Entropy (8bit):4.774504587732323
                                                                              Encrypted:false
                                                                              SSDEEP:768:SMAyYdTmPJbgqcnDcZTw0gpEeO4tZZz+0pQTk/N0:S1U81cmpjDX/N0
                                                                              MD5:5EBCB54B76FBE24FFF9D3BD74E274234
                                                                              SHA1:6CD72F044F36B7A3A79B7D77AAE59F274A66CE95
                                                                              SHA-256:504AEB909BBA186D4298AA97DCD6A09CCDD42217AF1F6210BC5EBD23B3DFCCBF
                                                                              SHA-512:5FF61D724B77B6EDC67D33B0F1EE1C3CB01F2A03251D0BE83FF10A80A99DBA08E3A0E0F985DEED6358E467B2E9B6A837E894513D1B5E68AF253C0BBDD68539D0
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L...J&uU.................@...................P....@.........................................................................4T..(.......xC...........................................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc...xC.......P..................@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):49152
                                                                              Entropy (8bit):4.31126714354722
                                                                              Encrypted:false
                                                                              SSDEEP:384:EvFMAyDNOdTdFCxfrwntajXjDWLi9Y+C5vy/Q1nDcZMwQE3vGYksuektm6yysZc8:SMAyYdTmPJbgqcnDcmwQE/RkHRRNS
                                                                              MD5:6A4AFFF2CD33613166B37A0DAB99BD41
                                                                              SHA1:FBC0F1696213B459D099A5809D79CFC01253880F
                                                                              SHA-256:53C1AE4962663E82D3AAC7C4A6CBE3D53E05D6948ADAE6391A2748396ACF98FE
                                                                              SHA-512:7B61D32E4AD38BC21E86559BFFA49A334CCB6184E595CB43F2D60A2A77C86B31D07B1A9D1F8FBE69E9AAD7E096952D765404BEBC494E73BD992642EB6B82E3A7
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L...J&uU.................@...p...............P....@.........................................................................4T..(........+...........................................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc....+.......0..................@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):57344
                                                                              Entropy (8bit):4.774504587732323
                                                                              Encrypted:false
                                                                              SSDEEP:768:SMAyYdTmPJbgqcnDcZTw0gpEeO4tZZz+0pQTk/N0:S1U81cmpjDX/N0
                                                                              MD5:5EBCB54B76FBE24FFF9D3BD74E274234
                                                                              SHA1:6CD72F044F36B7A3A79B7D77AAE59F274A66CE95
                                                                              SHA-256:504AEB909BBA186D4298AA97DCD6A09CCDD42217AF1F6210BC5EBD23B3DFCCBF
                                                                              SHA-512:5FF61D724B77B6EDC67D33B0F1EE1C3CB01F2A03251D0BE83FF10A80A99DBA08E3A0E0F985DEED6358E467B2E9B6A837E894513D1B5E68AF253C0BBDD68539D0
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L...J&uU.................@...................P....@.........................................................................4T..(.......xC...........................................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc...xC.......P..................@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):57344
                                                                              Entropy (8bit):4.774504587732323
                                                                              Encrypted:false
                                                                              SSDEEP:768:SMAyYdTmPJbgqcnDcZTw0gpEeO4tZZz+0pQTk/N0:S1U81cmpjDX/N0
                                                                              MD5:5EBCB54B76FBE24FFF9D3BD74E274234
                                                                              SHA1:6CD72F044F36B7A3A79B7D77AAE59F274A66CE95
                                                                              SHA-256:504AEB909BBA186D4298AA97DCD6A09CCDD42217AF1F6210BC5EBD23B3DFCCBF
                                                                              SHA-512:5FF61D724B77B6EDC67D33B0F1EE1C3CB01F2A03251D0BE83FF10A80A99DBA08E3A0E0F985DEED6358E467B2E9B6A837E894513D1B5E68AF253C0BBDD68539D0
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L...J&uU.................@...................P....@.........................................................................4T..(.......xC...........................................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc...xC.......P..................@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):364484
                                                                              Entropy (8bit):5.3655092655628795
                                                                              Encrypted:false
                                                                              SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauR:zTtbmkExhMJCIpEW
                                                                              MD5:4C0F6EFF73F1902CC60DEB519D3803E5
                                                                              SHA1:EDEE96061407183E0570AF715276B6EA5699011F
                                                                              SHA-256:C339C368DC7282505E0CA745F12F20AEB613A84E2EAFB2EEC9F66F21E2DAECC4
                                                                              SHA-512:544A3A4136FF5ED32A7C1606459913483748A5A3AD87B8DB80CFF84588EFA6D3C5ABB662035D570B2553D59DE4614CD57CD61E42B102B09BC3F45EC1188A0C60
                                                                              Malicious:false
                                                                              Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                              Process:C:\Windows\System32\svchost.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):55
                                                                              Entropy (8bit):4.306461250274409
                                                                              Encrypted:false
                                                                              SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                              MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                              SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                              SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                              SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                              Malicious:false
                                                                              Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):32768
                                                                              Entropy (8bit):1.416764905225089
                                                                              Encrypted:false
                                                                              SSDEEP:48:ElguZM+CFXJjT55q9XcYhymSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5Y3s4SBmlOd5J:Ig37T31YLm0WlfPuRqW0WlfAR/
                                                                              MD5:CA8B802CA3E06F3948E21322067A4280
                                                                              SHA1:C4F8CCB23D49B59419D5E9ABFE8078201B64F7E0
                                                                              SHA-256:E6910D19508394D0DC9647A7F12E8CBA449ACB0D03A13243F3A31C703959A83B
                                                                              SHA-512:0741C6438125C1364FAA3880FD32E10B15DAA845CE19E63407DF7137F42A6E59606425296B1019DB7816612CDE50CF3C473F55FEA5C825FE15E5721DA32DEBBE
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):20480
                                                                              Entropy (8bit):1.7875340660776278
                                                                              Encrypted:false
                                                                              SSDEEP:48:y8PhIuRc06WXJMnT5WXcYhymSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5Y3s4SBmlOd3:dhI1vnTNYLm0WlfPuRqW0WlfAR/
                                                                              MD5:8B39400331DE43434B8853545CCC5E88
                                                                              SHA1:DC3FC36162416E70ABC03D887A6BB87D163846D2
                                                                              SHA-256:2C9C910010E0FCE4C56DF6B36DA48DA4BE8F01D808520242BF0D4B216ED53E3F
                                                                              SHA-512:C641D41A32AB1AB2CC5A2A6CEF77BB230EBA1049B4974E44E66B1A7CF58BCBE8009DD221BF50EAFD4BF0AC34710F73182C606DA940EA194F242845DB7BD8E446
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):73728
                                                                              Entropy (8bit):0.2221253392900423
                                                                              Encrypted:false
                                                                              SSDEEP:48:PH0mFSBmlOd5YpRXd5YNd5YGd5YMd5YmmSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5YK:PHdFqW0Wlfxm0WlfPu8Y
                                                                              MD5:6EC3726130BF806AF4AA9E0E4FC906C3
                                                                              SHA1:D144170CC03AA6E7B3876712ECDA2DF8842DFDF0
                                                                              SHA-256:29FCD6B0AC4B38EAD5BE77BFD9BB550412AA53B737E7EFE9A1DCC1AD86617C82
                                                                              SHA-512:E2895C8334FB032036FE94A992A8AC1E360BAB2869213039B8AE888EFDF4A741D402A9FC96FEBD161A924EA807B081DF5826C9EA9CC9C1D9E919E36291679E7B
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):32768
                                                                              Entropy (8bit):0.06712149920142403
                                                                              Encrypted:false
                                                                              SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO0AbuJ2vWEJWM1AVky6lO:2F0i8n0itFzDHFfbe2vtJWuO
                                                                              MD5:0E8B611CF5EFD5D7F4C345B5C4E1443E
                                                                              SHA1:88A30155409C7EF376FB080774D617FCD51EEB6B
                                                                              SHA-256:1DDAF54603271883C75BDB3FB0D5D7FA324500D3ECC46649D583F73FE82FBB4D
                                                                              SHA-512:6AF62D7F4423FD2635320D0E94D40F31502581BF4CE800729F8040E6A962D4E178DDA94B8C10499FAF03C37BF914598A14B1539FD2A18B83A90958235CA131EE
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):32768
                                                                              Entropy (8bit):1.416764905225089
                                                                              Encrypted:false
                                                                              SSDEEP:48:ElguZM+CFXJjT55q9XcYhymSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5Y3s4SBmlOd5J:Ig37T31YLm0WlfPuRqW0WlfAR/
                                                                              MD5:CA8B802CA3E06F3948E21322067A4280
                                                                              SHA1:C4F8CCB23D49B59419D5E9ABFE8078201B64F7E0
                                                                              SHA-256:E6910D19508394D0DC9647A7F12E8CBA449ACB0D03A13243F3A31C703959A83B
                                                                              SHA-512:0741C6438125C1364FAA3880FD32E10B15DAA845CE19E63407DF7137F42A6E59606425296B1019DB7816612CDE50CF3C473F55FEA5C825FE15E5721DA32DEBBE
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):512
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:3::
                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):20480
                                                                              Entropy (8bit):1.7875340660776278
                                                                              Encrypted:false
                                                                              SSDEEP:48:y8PhIuRc06WXJMnT5WXcYhymSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5Y3s4SBmlOd3:dhI1vnTNYLm0WlfPuRqW0WlfAR/
                                                                              MD5:8B39400331DE43434B8853545CCC5E88
                                                                              SHA1:DC3FC36162416E70ABC03D887A6BB87D163846D2
                                                                              SHA-256:2C9C910010E0FCE4C56DF6B36DA48DA4BE8F01D808520242BF0D4B216ED53E3F
                                                                              SHA-512:C641D41A32AB1AB2CC5A2A6CEF77BB230EBA1049B4974E44E66B1A7CF58BCBE8009DD221BF50EAFD4BF0AC34710F73182C606DA940EA194F242845DB7BD8E446
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):512
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:3::
                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):32768
                                                                              Entropy (8bit):1.416764905225089
                                                                              Encrypted:false
                                                                              SSDEEP:48:ElguZM+CFXJjT55q9XcYhymSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5Y3s4SBmlOd5J:Ig37T31YLm0WlfPuRqW0WlfAR/
                                                                              MD5:CA8B802CA3E06F3948E21322067A4280
                                                                              SHA1:C4F8CCB23D49B59419D5E9ABFE8078201B64F7E0
                                                                              SHA-256:E6910D19508394D0DC9647A7F12E8CBA449ACB0D03A13243F3A31C703959A83B
                                                                              SHA-512:0741C6438125C1364FAA3880FD32E10B15DAA845CE19E63407DF7137F42A6E59606425296B1019DB7816612CDE50CF3C473F55FEA5C825FE15E5721DA32DEBBE
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):512
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:3::
                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:modified
                                                                              Size (bytes):512
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:3::
                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):512
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:3::
                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                              Malicious:false
                                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                              Entropy (8bit):7.988555676370944
                                                                              TrID:
                                                                              • Win64 Executable GUI (202006/5) 92.65%
                                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                                              • DOS Executable Generic (2002/1) 0.92%
                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                              File name:0442.pdf.exe
                                                                              File size:11'409'543 bytes
                                                                              MD5:4f6b2b9ee57c50d6c505d0cdada4803e
                                                                              SHA1:ad7dee6f1f71c4fe6299170a160592f139390e12
                                                                              SHA256:62410e8399acf7834c74012783bde3fe9ff244e048141c4a96a65bec06895f37
                                                                              SHA512:43607bd5bd78dea051340a684ad3311172adc590e5ffcd8a7c576e3f6ddba7e13750bab2a957b4d9fdec0d68b67d5391e779ee625006d00b82a65ecfc62525ce
                                                                              SSDEEP:196608:rqwdhlYLDYm+q6yU4zpDKpuLkQ9aP8F5hidaKsv7kDXFd+bIYW2LJjIeTF:Nw3Yi6yU4zpDeuREkF5PlgP+0ijIeh
                                                                              TLSH:75B6334AF79008F8E0E6F67485778425E6723D4E1338A59F57A83A2B7E773118C36722
                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.2.`.\.`.\.`.\..y..h.\..y....\..y..m.\.....b.\...X.r.\..._.j.\...Y.Y.\.i...i.\.i...b.\.i...g.\.`.].C.\...Y.R.\...\.a.\.....a.\
                                                                              Icon Hash:0fd88dc89ea7861b
                                                                              Entrypoint:0x140032ee0
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x140000000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                              Time Stamp:0x66409723 [Sun May 12 10:17:07 2024 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:5
                                                                              OS Version Minor:2
                                                                              File Version Major:5
                                                                              File Version Minor:2
                                                                              Subsystem Version Major:5
                                                                              Subsystem Version Minor:2
                                                                              Import Hash:b1c5b1beabd90d9fdabd1df0779ea832
                                                                              Instruction
                                                                              dec eax
                                                                              sub esp, 28h
                                                                              call 00007FDE9D13FF98h
                                                                              dec eax
                                                                              add esp, 28h
                                                                              jmp 00007FDE9D13F92Fh
                                                                              int3
                                                                              int3
                                                                              dec eax
                                                                              mov eax, esp
                                                                              dec eax
                                                                              mov dword ptr [eax+08h], ebx
                                                                              dec eax
                                                                              mov dword ptr [eax+10h], ebp
                                                                              dec eax
                                                                              mov dword ptr [eax+18h], esi
                                                                              dec eax
                                                                              mov dword ptr [eax+20h], edi
                                                                              inc ecx
                                                                              push esi
                                                                              dec eax
                                                                              sub esp, 20h
                                                                              dec ebp
                                                                              mov edx, dword ptr [ecx+38h]
                                                                              dec eax
                                                                              mov esi, edx
                                                                              dec ebp
                                                                              mov esi, eax
                                                                              dec eax
                                                                              mov ebp, ecx
                                                                              dec ecx
                                                                              mov edx, ecx
                                                                              dec eax
                                                                              mov ecx, esi
                                                                              dec ecx
                                                                              mov edi, ecx
                                                                              inc ecx
                                                                              mov ebx, dword ptr [edx]
                                                                              dec eax
                                                                              shl ebx, 04h
                                                                              dec ecx
                                                                              add ebx, edx
                                                                              dec esp
                                                                              lea eax, dword ptr [ebx+04h]
                                                                              call 00007FDE9D13EDB3h
                                                                              mov eax, dword ptr [ebp+04h]
                                                                              and al, 66h
                                                                              neg al
                                                                              mov eax, 00000001h
                                                                              sbb edx, edx
                                                                              neg edx
                                                                              add edx, eax
                                                                              test dword ptr [ebx+04h], edx
                                                                              je 00007FDE9D13FAC3h
                                                                              dec esp
                                                                              mov ecx, edi
                                                                              dec ebp
                                                                              mov eax, esi
                                                                              dec eax
                                                                              mov edx, esi
                                                                              dec eax
                                                                              mov ecx, ebp
                                                                              call 00007FDE9D141AD7h
                                                                              dec eax
                                                                              mov ebx, dword ptr [esp+30h]
                                                                              dec eax
                                                                              mov ebp, dword ptr [esp+38h]
                                                                              dec eax
                                                                              mov esi, dword ptr [esp+40h]
                                                                              dec eax
                                                                              mov edi, dword ptr [esp+48h]
                                                                              dec eax
                                                                              add esp, 20h
                                                                              inc ecx
                                                                              pop esi
                                                                              ret
                                                                              int3
                                                                              int3
                                                                              int3
                                                                              dec eax
                                                                              sub esp, 48h
                                                                              dec eax
                                                                              lea ecx, dword ptr [esp+20h]
                                                                              call 00007FDE9D12E343h
                                                                              dec eax
                                                                              lea edx, dword ptr [00025747h]
                                                                              dec eax
                                                                              lea ecx, dword ptr [esp+20h]
                                                                              call 00007FDE9D140B92h
                                                                              int3
                                                                              jmp 00007FDE9D146D74h
                                                                              int3
                                                                              int3
                                                                              int3
                                                                              int3
                                                                              int3
                                                                              int3
                                                                              Programming Language:
                                                                              • [ C ] VS2008 SP1 build 30729
                                                                              • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x597a0 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x597d4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x70000 | 0x154f4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6a000 | 0x306c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x970 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x536c0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x53780 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4b3f0 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x48000 | 0x508 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x588bc | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4676e | 0x46800 | f06bb06e02377ae8b223122e53be35c2 | False | 0.5372340425531915 | data | 6.47079645411382 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x48000 | 0x128c4 | 0x12a00 | 2de06d4a6920a6911e64ff20000ea72f | False | 0.4499003775167785 | data | 5.273999097784603 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x5b000 | 0xe75c | 0x1a00 | 0dbdb901a7d477980097e42e511a94fb | False | 0.28275240384615385 | data | 3.2571023907881185 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x6a000 | 0x306c | 0x3200 | b0ce0f057741ad2a4ef4717079fa34e9 | False | 0.483359375 | data | 5.501810413666288 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didat | 0x6e000 | 0x360 | 0x400 | 1fcc7b1d7a02443319f8fcc2be4ca936 | False | 0.2578125 | data | 3.0459938492946015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_RDATA | 0x6f000 | 0x15c | 0x200 | 3f331ec50f09ba861beaf955b33712d5 | False | 0.408203125 | data | 3.3356393424384843 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x70000 | 0x154f4 | 0x15600 | 830fe0401acd1728e669a91fa1858e36 | False | 0.2520559210526316 | data | 4.6583703321340835 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x86000 | 0x970 | 0xa00 | 77a9ddfc47a5650d6eebbcc823e39532 | False | 0.52421875 | data | 5.336289720085303 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x70554 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x7109c | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x72648 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 60472 x 60472 px/m | | | 0.14468236129184905
RT_DIALOG | 0x82e70 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x830f8 | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x83234 | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x83320 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x83450 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x83788 | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x839dc | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x83bc0 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x83d8c | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x83f44 | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x8408c | 0x46c | data | English | United States | 0.3454063604240283
RT_STRING | 0x844f8 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x84660 | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x847b4 | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x848c0 | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x8497c | 0x1c0 | data | English | United States | 0.5178571428571429
RT_STRING | 0x84b3c | 0x250 | data | English | United States | 0.44256756756756754
RT_GROUP_ICON | 0x84d8c | 0x14 | data | | | 1.15
RT_MANIFEST | 0x84da0 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.39786666666666665
DLL | Import
KERNEL32.dll | LocalFree, GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                              Dec 25, 2024 15:09:55.447159052 CET808049776101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:55.496593952 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:55.922342062 CET8049775101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:55.922447920 CET4977580192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:55.922487974 CET4977580192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:55.949944973 CET4978280192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:56.042155981 CET8049775101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:56.069797039 CET8049782101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:56.072525024 CET4978280192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:56.089508057 CET4978280192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:56.089508057 CET4978280192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:56.209175110 CET8049782101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:56.209216118 CET8049782101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:56.455915928 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:56.511255980 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:57.471873999 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:57.526874065 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:57.891380072 CET808049776101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:57.891443968 CET497768080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:57.891486883 CET497768080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:57.919037104 CET497878080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:58.011075020 CET808049776101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:58.038671017 CET808049787101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:58.038785934 CET497878080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:58.058343887 CET497878080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:58.058588028 CET497878080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:58.177854061 CET808049787101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:58.178035975 CET808049787101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:58.487273932 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:58.542500019 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:58.661353111 CET8049782101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:58.661433935 CET4978280192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:58.661539078 CET4978280192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:58.684722900 CET4978880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:58.781124115 CET8049782101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:58.804610968 CET8049788101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:58.804718971 CET4978880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:58.823905945 CET4978880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:58.824145079 CET4978880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:09:58.943465948 CET8049788101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:58.943633080 CET8049788101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:59.503541946 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:09:59.558183908 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:00.503369093 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:00.551186085 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:00.626349926 CET808049787101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:00.626416922 CET497878080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:00.626466036 CET497878080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:00.653593063 CET497938080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:00.746079922 CET808049787101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:00.773390055 CET808049793101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:00.773504019 CET497938080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:00.792732954 CET497938080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:00.792749882 CET497938080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:00.912499905 CET808049793101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:00.912516117 CET808049793101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:01.398262978 CET8049788101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:01.398335934 CET4978880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:01.398394108 CET4978880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:01.421717882 CET4979480192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:01.518064976 CET8049788101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:01.518722057 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:01.541795015 CET8049794101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:01.541980982 CET4979480192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:01.558260918 CET4979480192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:01.558260918 CET4979480192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:01.573818922 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:01.677952051 CET8049794101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:01.677969933 CET8049794101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:02.541157961 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:02.589379072 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:03.363053083 CET808049793101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:03.363130093 CET497938080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:03.363174915 CET497938080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:03.427907944 CET498008080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:03.482680082 CET808049793101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:03.547583103 CET808049800101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:03.547668934 CET498008080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:03.549587011 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:03.558212042 CET498008080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:03.558254957 CET498008080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:03.605017900 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:03.677750111 CET808049800101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:03.677865982 CET808049800101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:04.159446955 CET8049794101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:04.159518957 CET4979480192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:04.159634113 CET4979480192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:04.262305021 CET4980680192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:04.279181957 CET8049794101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:04.381798029 CET8049806101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:04.381900072 CET4980680192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:04.402031898 CET4980680192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:04.402172089 CET4980680192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:04.521605968 CET8049806101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:04.521620035 CET8049806101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:04.582139969 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:04.636251926 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:05.582480907 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:05.636284113 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:06.220108986 CET808049800101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:06.222335100 CET498008080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:06.222412109 CET498008080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:06.243804932 CET498098080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:06.341989994 CET808049800101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:06.363390923 CET808049809101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:06.363684893 CET498098080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:06.370815039 CET498098080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:06.370872021 CET498098080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:06.761262894 CET498098080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:06.893927097 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:06.894649029 CET808049809101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:06.894661903 CET808049809101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:06.894685984 CET808049809101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:06.948749065 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:06.994185925 CET8049806101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:06.994252920 CET4980680192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:06.994307995 CET4980680192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:06.998348951 CET4981380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:07.007941008 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:07.007991076 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:07.114084959 CET8049806101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:07.117845058 CET8049813101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:07.117912054 CET4981380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:07.136462927 CET4981380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:07.136462927 CET4981380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:07.256439924 CET8049813101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:07.256459951 CET8049813101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:07.614465952 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:07.670217037 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:08.627392054 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:08.667520046 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.367158890 CET808049809101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:09.367244005 CET498098080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.367346048 CET498098080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.404620886 CET498198080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.486856937 CET808049809101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:09.524209023 CET808049819101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:09.528424025 CET498198080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.542835951 CET498198080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.542835951 CET498198080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.643179893 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:09.662326097 CET808049819101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:09.662362099 CET808049819101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:09.698843002 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.726434946 CET8049813101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:09.726558924 CET4981380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.726790905 CET4981380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.734206915 CET4982080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.846296072 CET8049813101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:09.853841066 CET8049820101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:09.854216099 CET4982080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.870843887 CET4982080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.870843887 CET4982080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:09.990443945 CET8049820101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:09.990472078 CET8049820101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:10.659009933 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:10.714452028 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:11.659115076 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:11.714391947 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:12.132934093 CET808049819101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:12.133023024 CET498198080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:12.133160114 CET498198080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:12.139010906 CET498268080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:12.252748013 CET808049819101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:12.258466959 CET808049826101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:12.258565903 CET498268080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:12.277036905 CET498268080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:12.277054071 CET498268080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:12.396718979 CET808049826101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:12.396732092 CET808049826101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:12.459968090 CET8049820101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:12.460449934 CET4982080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:12.460531950 CET4982080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:12.467439890 CET4982780192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:12.579974890 CET8049820101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:12.587033033 CET8049827101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:12.587096930 CET4982780192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:12.605339050 CET4982780192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:12.605351925 CET4982780192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:12.674551010 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:12.724862099 CET8049827101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:12.724927902 CET8049827101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:12.730096102 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:13.703238010 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:13.745635033 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:14.705630064 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:14.745640039 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:14.851954937 CET808049826101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:14.852041960 CET498268080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:14.852121115 CET498268080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:14.872920990 CET498348080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:39.926522970 CET8049903101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:39.926589966 CET4990380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:39.926620007 CET4990380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:39.928678989 CET808049910101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:39.928752899 CET499108080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:39.949012041 CET499108080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:39.952399969 CET499108080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:40.028377056 CET4991280192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:40.046130896 CET8049903101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:40.068636894 CET808049910101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:40.071958065 CET808049910101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:40.080877066 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:40.136295080 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:40.148408890 CET8049912101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:40.150823116 CET4991280192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:40.167587042 CET4991280192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:40.167704105 CET4991280192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:40.287184000 CET8049912101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:40.287220955 CET8049912101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:41.097794056 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:41.151927948 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:42.119266033 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:42.167649984 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:42.529155016 CET808049910101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:42.532569885 CET499108080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:42.532569885 CET499108080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:42.543541908 CET499178080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:42.652128935 CET808049910101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:42.663048029 CET808049917101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:42.664602041 CET499178080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:42.683630943 CET499178080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:42.683630943 CET499178080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:42.741147041 CET8049912101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:42.741377115 CET4991280192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:42.741458893 CET4991280192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:42.762840033 CET4991880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:42.803297997 CET808049917101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:42.803349018 CET808049917101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:42.860979080 CET8049912101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:42.882415056 CET8049918101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:42.882616997 CET4991880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:42.902379036 CET4991880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:42.902379990 CET4991880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:43.022273064 CET8049918101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:43.022309065 CET8049918101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:43.127871990 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:43.183176041 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:44.143516064 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:44.183175087 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.159296036 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:45.214425087 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.257508993 CET808049917101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:45.257575989 CET499178080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.257620096 CET499178080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.277857065 CET499258080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.377358913 CET808049917101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:45.398245096 CET808049925101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:45.398320913 CET499258080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.417960882 CET499258080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.417960882 CET499258080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.492512941 CET8049918101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:45.492609978 CET4991880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.492758036 CET4991880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.497652054 CET4992680192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.537669897 CET808049925101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:45.537700891 CET808049925101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:45.612632990 CET8049918101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:45.617278099 CET8049926101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:45.620322943 CET4992680192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.636459112 CET4992680192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.636470079 CET4992680192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:45.756237984 CET8049926101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:45.756270885 CET8049926101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:46.174403906 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:46.214416981 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:47.174897909 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:47.230052948 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:47.993541002 CET808049925101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:47.993791103 CET499258080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:47.993829966 CET499258080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:48.013284922 CET499348080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:48.113404989 CET808049925101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:48.133096933 CET808049934101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:48.133198977 CET499348080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:48.152484894 CET499348080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:48.152543068 CET499348080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:48.191572905 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:48.226315975 CET8049926101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:48.226382017 CET4992680192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:48.226465940 CET4992680192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:48.232070923 CET4993580192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:48.245668888 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:48.272159100 CET808049934101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:48.272191048 CET808049934101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:48.346055984 CET8049926101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:48.351821899 CET8049935101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:48.351955891 CET4993580192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:48.370953083 CET4993580192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:48.370965004 CET4993580192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:48.490623951 CET8049935101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:48.490659952 CET8049935101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:49.205955982 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:49.261339903 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:50.221283913 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:50.261317015 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:50.744066000 CET808049934101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:50.744308949 CET499348080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:50.744409084 CET499348080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:50.746951103 CET499428080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:50.863898993 CET808049934101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:50.866982937 CET808049942101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:50.867073059 CET499428080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:50.886858940 CET499428080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:50.886868954 CET499428080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:50.963104010 CET8049935101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:50.963258028 CET4993580192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:50.963308096 CET4993580192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:50.966177940 CET4994380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:51.006586075 CET808049942101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:51.006598949 CET808049942101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:51.082823038 CET8049935101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:51.085767031 CET8049943101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:51.085958958 CET4994380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:51.105248928 CET4994380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:51.106112003 CET4994380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:51.221582890 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:51.224678993 CET8049943101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:51.225548029 CET8049943101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:51.355070114 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:52.239841938 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:52.448839903 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:53.252856016 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:53.302018881 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:53.461786032 CET808049942101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:53.462032080 CET499428080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:53.462084055 CET499428080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:53.480973959 CET499508080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:53.581579924 CET808049942101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:53.600605011 CET808049950101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:53.602341890 CET499508080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:53.620857000 CET499508080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:53.621340990 CET499508080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:53.678045988 CET8049943101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:53.678400993 CET4994380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:53.678400993 CET4994380192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:53.725008011 CET4995180192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:53.740345001 CET808049950101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:53.740731001 CET808049950101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:53.797950029 CET8049943101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:53.844683886 CET8049951101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:53.846520901 CET4995180192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:53.980230093 CET4995180192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:53.980248928 CET4995180192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:54.100020885 CET8049951101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:54.100033998 CET8049951101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:54.256263971 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:54.308197021 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:55.269217968 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:55.323807001 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.197055101 CET808049950101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:56.197124004 CET499508080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.197166920 CET499508080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.215490103 CET499578080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.316687107 CET808049950101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:56.317523956 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:56.335006952 CET808049957101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:56.335078001 CET499578080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.355125904 CET499578080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.355125904 CET499578080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.370687962 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.428669930 CET8049951101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:56.428741932 CET4995180192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.428778887 CET4995180192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.434176922 CET4995880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.474654913 CET808049957101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:56.474704981 CET808049957101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:56.548271894 CET8049951101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:56.553762913 CET8049958101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:56.553843021 CET4995880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.574126959 CET4995880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.574127913 CET4995880192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:56.693665028 CET8049958101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:56.693690062 CET8049958101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:57.299565077 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:57.340326071 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:58.527513981 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:58.573810101 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:59.079242945 CET808049957101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:10:59.079374075 CET499578080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:59.079422951 CET499578080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:10:59.165365934 CET8049958101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:23.887475014 CET5003980192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:23.994601965 CET8050033101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:24.007119894 CET8050039101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:24.007181883 CET5003980192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:24.027004957 CET5003980192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:24.027107000 CET5003980192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:24.146500111 CET8050039101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:24.146514893 CET8050039101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:24.450077057 CET808050034101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:24.450164080 CET500348080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:24.450242043 CET500348080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:24.544482946 CET500418080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:24.569704056 CET808050034101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:24.616445065 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:24.664060116 CET808050041101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:24.666439056 CET500418080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:24.670371056 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:24.683481932 CET500418080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:24.683481932 CET500418080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:24.803109884 CET808050041101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:24.803123951 CET808050041101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:25.632170916 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:25.683201075 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:26.618165016 CET8050039101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:26.618283033 CET5003980192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:26.618283033 CET5003980192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:26.622390985 CET5004780192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:26.647610903 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:26.698822975 CET497275651192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:26.737829924 CET8050039101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:26.741939068 CET8050047101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:26.742027998 CET5004780192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:26.761538029 CET5004780192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:26.761538029 CET5004780192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:26.881203890 CET8050047101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:26.881350994 CET8050047101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:27.258270979 CET808050041101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:27.258333921 CET500418080192.168.2.5101.99.91.150
                                                                              Dec 25, 2024 15:11:27.663496017 CET565149727101.99.91.150192.168.2.5
                                                                              Dec 25, 2024 15:11:27.714476109 CET497275651192.168.2.5101.99.91.150
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 25, 2024 15:09:32.262176991 CET | 53514 | 53 | 192.168.2.5 | 1.1.1.1

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 25, 2024 15:09:21.942295074 CET | 192.168.2.5 | 8.8.8.8 | 4d5a |  | Echo
Dec 25, 2024 15:09:22.064661026 CET | 8.8.8.8 | 192.168.2.5 | 555a |  | Echo Reply
Dec 25, 2024 15:09:22.977360010 CET | 192.168.2.5 | 8.8.8.8 | 4d59 |  | Echo
Dec 25, 2024 15:09:23.099682093 CET | 8.8.8.8 | 192.168.2.5 | 5559 |  | Echo Reply
Dec 25, 2024 15:09:24.070759058 CET | 192.168.2.5 | 8.8.8.8 | 4d58 |  | Echo
Dec 25, 2024 15:09:24.193135023 CET | 8.8.8.8 | 192.168.2.5 | 5558 |  | Echo Reply
Dec 25, 2024 15:09:26.202913046 CET | 192.168.2.5 | 8.8.8.8 | 4d57 |  | Echo
Dec 25, 2024 15:09:26.325519085 CET | 8.8.8.8 | 192.168.2.5 | 5557 |  | Echo Reply

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 25, 2024 15:09:32.262176991 CET | 192.168.2.5 | 1.1.1.1 | 0x510f | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 25, 2024 15:09:32.479485035 CET | 1.1.1.1 | 192.168.2.5 | 0x510f | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 25, 2024 15:09:34.527988911 CET | 1.1.1.1 | 192.168.2.5 | 0x2397 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 25, 2024 15:09:34.527988911 CET | 1.1.1.1 | 192.168.2.5 | 0x2397 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49728 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:09:38.064531088 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:09:38.064544916 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49737 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:09:42.214674950 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:09:42.214674950 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49749 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:09:45.042776108 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:09:45.042834997 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49756 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:09:47.819250107 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:09:47.819250107 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49763 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:09:50.622463942 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:09:50.622478962 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49775 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:09:53.355209112 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:09:53.355210066 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49782 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:09:56.089508057 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:09:56.089508057 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49788 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:09:58.823905945 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:09:58.824145079 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49794 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:01.558260918 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:01.558260918 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49806 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:04.402031898 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:04.402172089 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49813 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:07.136462927 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:07.136462927 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49820 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:09.870843887 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:09.870843887 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49827 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:12.605339050 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:12.605351925 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49837 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:15.449048042 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:15.449084997 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49847 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:18.183337927 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:18.183362961 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49854 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:20.917694092 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:20.917694092 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49862 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:23.652112961 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:23.654237032 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49871 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:26.386389971 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:26.390245914 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49879 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:29.120718002 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:29.121047974 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49886 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:31.855329037 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:31.855329037 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49894 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:34.589528084 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:34.589546919 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49903 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:37.323940039 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:37.323940039 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49912 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:40.167587042 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:40.167704105 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49918 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:42.902379036 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:42.902379990 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49926 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:45.636459112 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:45.636470079 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49935 | 101.99.91.150 | 80 | 7464 | C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 15:10:48.370953083 CET | 6 | OUT | Data Raw: 00 00 00 01
Data Ascii:
Dec 25, 2024 15:10:48.370965004 CET | 6 | OUT | Data Raw: 00 00 00 03
Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              26192.168.2.549943101.99.91.150807464C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:10:51.105248928 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:10:51.106112003 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              27192.168.2.549951101.99.91.150807464C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:10:53.980230093 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:10:53.980248928 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              28192.168.2.549958101.99.91.150807464C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:10:56.574126959 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:10:56.574127913 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              29192.168.2.549967101.99.91.150807464C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:10:59.308244944 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:10:59.308316946 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              30192.168.2.549974101.99.91.150807464C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:11:02.042808056 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:11:02.042808056 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              31192.168.2.549983101.99.91.150807464C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:11:04.886497021 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:11:04.886553049 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              32192.168.2.549990101.99.91.150807464C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:11:07.623100042 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:11:07.623100042 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              33192.168.2.550000101.99.91.150807464C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:11:10.419141054 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:11:10.419172049 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              34192.168.2.550007101.99.91.150807464C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:11:13.094068050 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:11:13.094115973 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              35192.168.2.550016101.99.91.150807464C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:11:15.875953913 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:11:15.876089096 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              36192.168.2.550023101.99.91.150807464C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:11:18.559268951 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:11:18.559268951 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              37192.168.2.550033101.99.91.150807464C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:11:21.292922974 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:11:21.292968988 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              38192.168.2.550039101.99.91.150807464C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:11:24.027004957 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:11:24.027107000 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                              39192.168.2.550047101.99.91.15080
                                                                              TimestampBytes transferredDirectionData
                                                                              Dec 25, 2024 15:11:26.761538029 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Dec 25, 2024 15:11:26.761538029 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Target ID:0
                                                                              Start time:09:09:18
                                                                              Start date:25/12/2024
                                                                              Path:C:\Users\user\Desktop\0442.pdf.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\Desktop\0442.pdf.exe"
                                                                              Imagebase:0x7ff7c1050000
                                                                              File size:11'409'543 bytes
                                                                              MD5 hash:4F6B2B9EE57C50D6C505D0CDADA4803E
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:2
                                                                              Start time:09:09:19
                                                                              Start date:25/12/2024
                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ms.msi" /qn
                                                                              Imagebase:0x7ff7581b0000
                                                                              File size:69'632 bytes
                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:3
                                                                              Start time:09:09:19
                                                                              Start date:25/12/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\start.bat" "
                                                                              Imagebase:0x7ff70e350000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:4
                                                                              Start time:09:09:19
                                                                              Start date:25/12/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff6d64d0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:5
                                                                              Start time:09:09:20
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\doc.pdf"
                                                                              Imagebase:0x7ff686a00000
                                                                              File size:5'641'176 bytes
                                                                              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:6
                                                                              Start time:09:09:20
                                                                              Start date:25/12/2024
                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\msiexec.exe /V
                                                                              Imagebase:0x7ff7581b0000
                                                                              File size:69'632 bytes
                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              Target ID:7
                                                                              Start time:09:09:20
                                                                              Start date:25/12/2024
                                                                              Path:C:\Windows\System32\PING.EXE
                                                                              Wow64 process (32bit):false
                                                                              Commandline:ping 8.8.8.8
                                                                              Imagebase:0x7ff6ce120000
                                                                              File size:22'528 bytes
                                                                              MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:8
                                                                              Start time:09:09:20
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\doc2.pdf"
                                                                              Imagebase:0x7ff686a00000
                                                                              File size:5'641'176 bytes
                                                                              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              Target ID:9
                                                                              Start time:09:09:22
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                              Imagebase:0x7ff6413e0000
                                                                              File size:3'581'912 bytes
                                                                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              Target ID:10
                                                                              Start time:09:09:22
                                                                              Start date:25/12/2024
                                                                              Path:C:\Windows\System32\svchost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                              Imagebase:0x7ff7e52b0000
                                                                              File size:55'320 bytes
                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              Target ID:11
                                                                              Start time:09:09:22
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2060 --field-trial-handle=1552,i,17805124399869270899,13465825051320202542,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                              Imagebase:0x7ff6413e0000
                                                                              File size:3'581'912 bytes
                                                                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              Target ID:13
                                                                              Start time:09:09:30
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /siex /silentinstall
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000000D.00000000.2157625763.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe, Author: Joe Security
                                                                              Antivirus matches:
                                                                              • Detection: 3%, ReversingLabs
                                                                              Has exited:true

                                                                              Target ID:14
                                                                              Start time:09:09:30
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /siex /silentinstall
                                                                              Imagebase:0x400000
                                                                              File size:7'753'808 bytes
                                                                              MD5 hash:F3D74B072B9697CF64B0B8445FDC8128
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000000E.00000000.2162132291.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe, Author: Joe Security
                                                                              Antivirus matches:
                                                                              • Detection: 8%, ReversingLabs
                                                                              Has exited:true

                                                                              Target ID:15
                                                                              Start time:09:09:32
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /firewall
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              Target ID:16
                                                                              Start time:09:09:32
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /firewall
                                                                              Imagebase:0x400000
                                                                              File size:7'753'808 bytes
                                                                              MD5 hash:F3D74B072B9697CF64B0B8445FDC8128
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              Target ID:17
                                                                              Start time:09:09:33
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /start
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              Target ID:19
                                                                              Start time:09:09:34
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /start
                                                                              Imagebase:0x400000
                                                                              File size:7'753'808 bytes
                                                                              MD5 hash:F3D74B072B9697CF64B0B8445FDC8128
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              Target ID:20
                                                                              Start time:09:09:34
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe"
                                                                              Imagebase:0x400000
                                                                              File size:7'753'808 bytes
                                                                              MD5 hash:F3D74B072B9697CF64B0B8445FDC8128
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:false

                                                                              Target ID:21
                                                                              Start time:09:09:36
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe"
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:false

                                                                              Target ID:22
                                                                              Start time:09:09:36
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:false

                                                                              Target ID:23
                                                                              Start time:09:09:36
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              Target ID:24
                                                                              Start time:09:09:37
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              Target ID:25
                                                                              Start time:09:09:38
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              Target ID:26
                                                                              Start time:09:09:39
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              Target ID:27
                                                                              Start time:09:09:40
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              Target ID:29
                                                                              Start time:09:10:49
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              Target ID:30
                                                                              Start time:09:10:54
                                                                              Start date:25/12/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true


                                                                                Execution Graph

                                                                                Execution Coverage:11.9%
                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                Signature Coverage:27.6%
                                                                                Total number of Nodes:2000
                                                                                Total number of Limit Nodes:30
25685->25689 25687 7ff7c10664de 25686->25687 25688 7ff7c10664a7 25686->25688 25687->25689 25688->25685 25690 7ff7c105129c 33 API calls 25689->25690 25692 7ff7c1066506 25690->25692 25691 7ff7c106653e 25691->25426 25692->25691 25693 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 25692->25693 25694 7ff7c1066560 25693->25694 25696 7ff7c1051fb3 25695->25696 25697 7ff7c1051fdc 25695->25697 25696->25697 25698 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 25696->25698 25697->25434 25699 7ff7c1052000 25698->25699 25701 7ff7c1063e4d _snwprintf 25700->25701 25702 7ff7c1089ef0 swprintf 46 API calls 25701->25702 25703 7ff7c1063e69 SetEnvironmentVariableW GetModuleHandleW LoadIconW 25702->25703 25704 7ff7c107b014 LoadBitmapW 25703->25704 25705 7ff7c107b03e 25704->25705 25706 7ff7c107b046 25704->25706 26023 7ff7c1078624 FindResourceW 25705->26023 25708 7ff7c107b04e GetObjectW 25706->25708 25709 7ff7c107b063 25706->25709 25708->25709 26038 7ff7c107849c 25709->26038 25712 7ff7c107b0ce 25723 7ff7c10698ac 25712->25723 25713 7ff7c107b09e 26043 7ff7c1078504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25713->26043 25714 7ff7c1078624 11 API calls 25716 7ff7c107b08a 25714->25716 25716->25713 25718 7ff7c107b092 DeleteObject 25716->25718 25717 7ff7c107b0a7 26044 7ff7c10784cc 25717->26044 25718->25713 25722 7ff7c107b0bf DeleteObject 25722->25712 26051 7ff7c10698dc 25723->26051 25725 7ff7c10698ba 26118 7ff7c106a43c GetModuleHandleW FindResourceW 25725->26118 25727 7ff7c10698c2 25727->25447 25729 7ff7c10821d0 33 API calls 25728->25729 25730 7ff7c10767fa 25729->25730 25730->25458 25732 7ff7c1079501 25731->25732 25733 7ff7c107950a OleUninitialize 25732->25733 25734 7ff7c10be330 25733->25734 26200 7ff7c108783c 31 API calls 2 library calls 25735->26200 25737 7ff7c108791d 26201 7ff7c1087934 16 API calls abort 25737->26201 25741 7ff7c105139b 25740->25741 25742 7ff7c10512d0 25740->25742 26203 7ff7c1052004 33 API calls std::_Xinvalid_argument 25741->26203 25745 
7ff7c1051338 25742->25745 25746 7ff7c1051396 25742->25746 25749 7ff7c10512de memcpy_s 25742->25749 25748 7ff7c10821d0 33 API calls 25745->25748 25745->25749 26202 7ff7c1051f80 33 API calls 3 library calls 25746->26202 25748->25749 25749->25428 25750->25437 25751->25453 25752->25459 25753->25464 25754->25467 25755->25456 25756->25472 25757->25482 25759 7ff7c106dff4 GetModuleHandleW 25758->25759 25759->25584 25759->25585 25761 7ff7c1067e0c 25760->25761 25762 7ff7c1067e23 25761->25762 25763 7ff7c1067e55 25761->25763 25765 7ff7c105129c 33 API calls 25762->25765 25817 7ff7c105704c 47 API calls memcpy_s 25763->25817 25767 7ff7c1067e47 25765->25767 25766 7ff7c1067e5a 25767->25613 25769 7ff7c10651c8 GetVersionExW 25768->25769 25770 7ff7c10651fb 25768->25770 25769->25770 25771 7ff7c1082320 _handle_error 8 API calls 25770->25771 25772 7ff7c1065228 25771->25772 25772->25613 25774 7ff7c10680a5 25773->25774 25818 7ff7c1068188 25774->25818 25776 7ff7c10680ca 25776->25613 25778 7ff7c10632e7 GetFileAttributesW 25777->25778 25779 7ff7c10632e4 25777->25779 25780 7ff7c10632f8 25778->25780 25781 7ff7c1063375 25778->25781 25779->25778 25827 7ff7c1066a0c 25780->25827 25782 7ff7c1082320 _handle_error 8 API calls 25781->25782 25784 7ff7c1063389 25782->25784 25784->25613 25786 7ff7c106333c 25786->25781 25788 7ff7c1063399 25786->25788 25787 7ff7c1063323 GetFileAttributesW 25787->25786 25789 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 25788->25789 25790 7ff7c106339e 25789->25790 25792 7ff7c1082329 25791->25792 25793 7ff7c106e7e4 25792->25793 25794 7ff7c1082550 IsProcessorFeaturePresent 25792->25794 25793->25658 25795 7ff7c1082568 25794->25795 25917 7ff7c1082744 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 25795->25917 25797 7ff7c108257b 25918 7ff7c1082510 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 25797->25918 25800->25593 25801->25612 25802->25622 25804 7ff7c106aaf3 25803->25804 25919 7ff7c1069774 25804->25919 25807 
7ff7c106ab58 LoadStringW 25808 7ff7c106ab86 25807->25808 25809 7ff7c106ab71 LoadStringW 25807->25809 25810 7ff7c106da98 25808->25810 25809->25808 25945 7ff7c106d874 25810->25945 25813->25656 25814->25641 25815->25647 25816->25608 25817->25766 25819 7ff7c1068326 25818->25819 25822 7ff7c10681ba 25818->25822 25826 7ff7c105704c 47 API calls memcpy_s 25819->25826 25821 7ff7c106832b 25824 7ff7c10681d4 memcpy_s 25822->25824 25825 7ff7c10658a4 33 API calls 2 library calls 25822->25825 25824->25776 25825->25824 25826->25821 25828 7ff7c1066a4b 25827->25828 25847 7ff7c1066a44 25827->25847 25831 7ff7c105129c 33 API calls 25828->25831 25829 7ff7c1082320 _handle_error 8 API calls 25830 7ff7c106331f 25829->25830 25830->25786 25830->25787 25832 7ff7c1066a76 25831->25832 25833 7ff7c1066cc7 25832->25833 25834 7ff7c1066a96 25832->25834 25835 7ff7c10662dc 35 API calls 25833->25835 25836 7ff7c1066ab0 25834->25836 25862 7ff7c1066b49 25834->25862 25840 7ff7c1066ce6 25835->25840 25837 7ff7c10670ab 25836->25837 25900 7ff7c105c098 33 API calls 2 library calls 25836->25900 25912 7ff7c1052004 33 API calls std::_Xinvalid_argument 25837->25912 25839 7ff7c1066eef 25884 7ff7c10670cf 25839->25884 25909 7ff7c105c098 33 API calls 2 library calls 25839->25909 25840->25839 25843 7ff7c1066d1b 25840->25843 25845 7ff7c1066b44 25840->25845 25841 7ff7c10670b1 25851 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 25841->25851 25876 7ff7c10670bd 25843->25876 25903 7ff7c105c098 33 API calls 2 library calls 25843->25903 25844 7ff7c10670d5 25852 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 25844->25852 25845->25841 25845->25844 25845->25847 25853 7ff7c10670a6 25845->25853 25847->25829 25848 7ff7c1066b03 25863 7ff7c1051fa0 31 API calls 25848->25863 25873 7ff7c1066b15 memcpy_s 25848->25873 25860 7ff7c10670b7 25851->25860 25861 7ff7c10670db 25852->25861 25859 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 25853->25859 25854 7ff7c1066f56 25910 7ff7c10511cc 33 API calls 
memcpy_s 25854->25910 25856 7ff7c10670c3 25868 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 25856->25868 25857 7ff7c1066d76 memcpy_s 25857->25856 25870 7ff7c1051fa0 31 API calls 25857->25870 25858 7ff7c1051fa0 31 API calls 25858->25845 25859->25837 25869 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 25860->25869 25871 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 25861->25871 25862->25845 25865 7ff7c105129c 33 API calls 25862->25865 25863->25873 25872 7ff7c1066bbe 25865->25872 25866 7ff7c1066f69 25911 7ff7c10657ac 33 API calls memcpy_s 25866->25911 25875 7ff7c10670c9 25868->25875 25869->25876 25882 7ff7c1066df5 25870->25882 25877 7ff7c10670e1 25871->25877 25901 7ff7c1065820 33 API calls 25872->25901 25873->25858 25914 7ff7c105704c 47 API calls memcpy_s 25875->25914 25913 7ff7c1052004 33 API calls std::_Xinvalid_argument 25876->25913 25878 7ff7c1066bd3 25902 7ff7c105e164 33 API calls 2 library calls 25878->25902 25881 7ff7c1051fa0 31 API calls 25885 7ff7c1066fec 25881->25885 25886 7ff7c1066e21 25882->25886 25904 7ff7c1051744 33 API calls 4 library calls 25882->25904 25883 7ff7c1066f79 memcpy_s 25883->25861 25883->25881 25915 7ff7c1052004 33 API calls std::_Xinvalid_argument 25884->25915 25887 7ff7c1051fa0 31 API calls 25885->25887 25886->25875 25892 7ff7c105129c 33 API calls 25886->25892 25890 7ff7c1066ff6 25887->25890 25889 7ff7c1051fa0 31 API calls 25894 7ff7c1066c6d 25889->25894 25891 7ff7c1051fa0 31 API calls 25890->25891 25891->25845 25896 7ff7c1066ec2 25892->25896 25893 7ff7c1066be9 memcpy_s 25893->25860 25893->25889 25895 7ff7c1051fa0 31 API calls 25894->25895 25895->25845 25905 7ff7c1052034 25896->25905 25898 7ff7c1066edf 25899 7ff7c1051fa0 31 API calls 25898->25899 25899->25845 25900->25848 25901->25878 25902->25893 25903->25857 25904->25886 25906 7ff7c1052085 25905->25906 25908 7ff7c1052059 memcpy_s 25905->25908 25916 7ff7c10515b8 33 API calls 3 library calls 25906->25916 25908->25898 25909->25854 25910->25866 
25911->25883 25914->25884 25916->25908 25917->25797 25926 7ff7c1069638 25919->25926 25922 7ff7c10697d9 25924 7ff7c1082320 _handle_error 8 API calls 25922->25924 25925 7ff7c10697f2 25924->25925 25925->25807 25925->25808 25927 7ff7c1069692 25926->25927 25935 7ff7c1069730 25926->25935 25931 7ff7c10696c0 25927->25931 25940 7ff7c1070f68 WideCharToMultiByte 25927->25940 25929 7ff7c1082320 _handle_error 8 API calls 25930 7ff7c1069764 25929->25930 25930->25922 25936 7ff7c1069800 25930->25936 25934 7ff7c10696ef 25931->25934 25942 7ff7c106aa88 45 API calls _snwprintf 25931->25942 25943 7ff7c108a270 31 API calls 2 library calls 25934->25943 25935->25929 25937 7ff7c1069840 25936->25937 25939 7ff7c1069869 25936->25939 25944 7ff7c108a270 31 API calls 2 library calls 25937->25944 25939->25922 25941 7ff7c1070faa 25940->25941 25941->25931 25942->25934 25943->25935 25944->25939 25961 7ff7c106d4d0 25945->25961 25950 7ff7c106d9a3 25953 7ff7c106da17 25950->25953 25955 7ff7c106da3f 25950->25955 25951 7ff7c106d8e5 _snwprintf 25958 7ff7c106d974 25951->25958 25975 7ff7c1089ef0 25951->25975 26002 7ff7c1059d78 33 API calls 25951->26002 25954 7ff7c1082320 _handle_error 8 API calls 25953->25954 25956 7ff7c106da2b 25954->25956 25957 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 25955->25957 25956->25653 25959 7ff7c106da44 25957->25959 25958->25950 26003 7ff7c1059d78 33 API calls 25958->26003 25962 7ff7c106d665 25961->25962 25963 7ff7c106d502 25961->25963 25965 7ff7c106cb80 25962->25965 25963->25962 25964 7ff7c1051744 33 API calls 25963->25964 25964->25963 25966 7ff7c106cbb6 25965->25966 25967 7ff7c106cc80 25965->25967 25970 7ff7c106cbc6 25966->25970 25971 7ff7c106cc7b 25966->25971 25972 7ff7c106cc20 25966->25972 26005 7ff7c1052004 33 API calls std::_Xinvalid_argument 25967->26005 25970->25951 26004 7ff7c1051f80 33 API calls 3 library calls 25971->26004 25972->25970 25974 7ff7c10821d0 33 API calls 25972->25974 25974->25970 25976 7ff7c1089f36 25975->25976 25977 7ff7c1089f4e 
25975->25977 26006 7ff7c108d69c 15 API calls _set_errno_from_matherr 25976->26006 25977->25976 25979 7ff7c1089f58 25977->25979 26008 7ff7c1087ef0 35 API calls 2 library calls 25979->26008 25980 7ff7c1089f3b 26007 7ff7c10878e4 31 API calls _invalid_parameter_noinfo_noreturn 25980->26007 25983 7ff7c1089f69 __scrt_get_show_window_mode 26009 7ff7c1087e70 15 API calls _set_errno_from_matherr 25983->26009 25984 7ff7c1082320 _handle_error 8 API calls 25985 7ff7c108a10b 25984->25985 25985->25951 25987 7ff7c1089fd4 26010 7ff7c10882f8 46 API calls 3 library calls 25987->26010 25989 7ff7c1089fdd 25990 7ff7c108a014 25989->25990 25991 7ff7c1089fe5 25989->25991 25993 7ff7c108a06c 25990->25993 25994 7ff7c108a092 25990->25994 25995 7ff7c108a023 25990->25995 25996 7ff7c108a01a 25990->25996 26011 7ff7c108d90c 25991->26011 25997 7ff7c108d90c __free_lconv_num 15 API calls 25993->25997 25994->25993 25998 7ff7c108a09c 25994->25998 25999 7ff7c108d90c __free_lconv_num 15 API calls 25995->25999 25996->25993 25996->25995 26001 7ff7c1089f46 25997->26001 26000 7ff7c108d90c __free_lconv_num 15 API calls 25998->26000 25999->26001 26000->26001 26001->25984 26002->25951 26003->25950 26004->25967 26006->25980 26007->26001 26008->25983 26009->25987 26010->25989 26012 7ff7c108d911 RtlFreeHeap 26011->26012 26013 7ff7c108d941 __free_lconv_num 26011->26013 26012->26013 26014 7ff7c108d92c 26012->26014 26013->26001 26017 7ff7c108d69c 15 API calls _set_errno_from_matherr 26014->26017 26016 7ff7c108d931 GetLastError 26016->26013 26017->26016 26019 7ff7c10520f6 26018->26019 26021 7ff7c10520cb memcpy_s 26018->26021 26022 7ff7c1051474 33 API calls 3 library calls 26019->26022 26021->25665 26022->26021 26024 7ff7c107864f SizeofResource 26023->26024 26025 7ff7c107879b 26023->26025 26024->26025 26026 7ff7c1078669 LoadResource 26024->26026 26025->25706 26026->26025 26027 7ff7c1078682 LockResource 26026->26027 26027->26025 26028 7ff7c1078697 GlobalAlloc 26027->26028 26028->26025 26029 7ff7c10786b8 GlobalLock 
26028->26029 26030 7ff7c10786ca memcpy_s 26029->26030 26031 7ff7c1078792 GlobalFree 26029->26031 26032 7ff7c10786d8 CreateStreamOnHGlobal 26030->26032 26031->26025 26033 7ff7c1078789 GlobalUnlock 26032->26033 26034 7ff7c10786f6 GdipAlloc 26032->26034 26033->26031 26035 7ff7c107870b 26034->26035 26035->26033 26036 7ff7c107875a GdipCreateHBITMAPFromBitmap 26035->26036 26037 7ff7c1078772 26035->26037 26036->26037 26037->26033 26039 7ff7c10784cc 4 API calls 26038->26039 26040 7ff7c10784aa 26039->26040 26041 7ff7c10784b9 26040->26041 26049 7ff7c1078504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 26040->26049 26041->25712 26041->25713 26041->25714 26043->25717 26045 7ff7c10784de 26044->26045 26046 7ff7c10784e3 26044->26046 26050 7ff7c1078590 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 26045->26050 26048 7ff7c1078df4 16 API calls _handle_error 26046->26048 26048->25722 26049->26041 26050->26046 26054 7ff7c10698fe _snwprintf 26051->26054 26052 7ff7c1069973 26169 7ff7c10668b0 48 API calls 26052->26169 26054->26052 26055 7ff7c1069a89 26054->26055 26058 7ff7c10699fd 26055->26058 26060 7ff7c10520b0 33 API calls 26055->26060 26056 7ff7c1051fa0 31 API calls 26056->26058 26057 7ff7c106997d memcpy_s 26057->26056 26059 7ff7c106a42e 26057->26059 26120 7ff7c10624c0 26058->26120 26061 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 26059->26061 26060->26058 26062 7ff7c106a434 26061->26062 26065 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 26062->26065 26067 7ff7c106a43a 26065->26067 26066 7ff7c1069a22 26069 7ff7c106204c 100 API calls 26066->26069 26068 7ff7c1069b17 26138 7ff7c108a450 26068->26138 26071 7ff7c1069a2b 26069->26071 26071->26062 26074 7ff7c1069a66 26071->26074 26073 7ff7c1069aad 26073->26068 26077 7ff7c1068e58 33 API calls 26073->26077 26076 7ff7c1082320 _handle_error 8 API calls 26074->26076 26075 7ff7c108a450 31 API calls 26089 7ff7c1069b57 __vcrt_FlsAlloc 26075->26089 26078 7ff7c106a40e 26076->26078 26077->26073 26078->25725 26079 
7ff7c1069c89 26080 7ff7c1062aa0 101 API calls 26079->26080 26092 7ff7c1069d5c 26079->26092 26083 7ff7c1069ca1 26080->26083 26086 7ff7c10628d0 104 API calls 26083->26086 26083->26092 26090 7ff7c1069cc9 26086->26090 26089->26079 26089->26092 26146 7ff7c1062bb0 26089->26146 26155 7ff7c10628d0 26089->26155 26160 7ff7c1062aa0 26089->26160 26090->26092 26113 7ff7c1069cd7 __vcrt_FlsAlloc 26090->26113 26170 7ff7c1070bbc MultiByteToWideChar 26090->26170 26165 7ff7c106204c 26092->26165 26093 7ff7c106a1ec 26103 7ff7c106a2c2 26093->26103 26176 7ff7c108cf90 31 API calls 2 library calls 26093->26176 26095 7ff7c106a157 26095->26093 26173 7ff7c108cf90 31 API calls 2 library calls 26095->26173 26096 7ff7c106a14b 26096->25725 26099 7ff7c106a249 26177 7ff7c108b7bc 31 API calls _invalid_parameter_noinfo_noreturn 26099->26177 26100 7ff7c106a3a2 26102 7ff7c108a450 31 API calls 26100->26102 26101 7ff7c106a2ae 26101->26103 26178 7ff7c1068cd0 33 API calls 2 library calls 26101->26178 26105 7ff7c106a3cb 26102->26105 26103->26100 26106 7ff7c1068e58 33 API calls 26103->26106 26107 7ff7c108a450 31 API calls 26105->26107 26106->26103 26107->26092 26109 7ff7c106a16d 26174 7ff7c108b7bc 31 API calls _invalid_parameter_noinfo_noreturn 26109->26174 26110 7ff7c106a1d8 26110->26093 26175 7ff7c1068cd0 33 API calls 2 library calls 26110->26175 26112 7ff7c106a429 26179 7ff7c1082624 8 API calls 26112->26179 26113->26092 26113->26093 26113->26095 26113->26096 26113->26112 26114 7ff7c1070f68 WideCharToMultiByte 26113->26114 26171 7ff7c106aa88 45 API calls _snwprintf 26113->26171 26172 7ff7c108a270 31 API calls 2 library calls 26113->26172 26114->26113 26119 7ff7c106a468 26118->26119 26119->25727 26121 7ff7c10624fd CreateFileW 26120->26121 26123 7ff7c10625ae GetLastError 26121->26123 26131 7ff7c106266e 26121->26131 26124 7ff7c1066a0c 49 API calls 26123->26124 26125 7ff7c10625dc 26124->26125 26126 7ff7c10625e0 CreateFileW GetLastError 26125->26126 26132 7ff7c106262c 26125->26132 26126->26132 26127 
7ff7c10626b1 SetFileTime 26130 7ff7c10626cf 26127->26130 26128 7ff7c1062708 26129 7ff7c1082320 _handle_error 8 API calls 26128->26129 26133 7ff7c106271b 26129->26133 26130->26128 26134 7ff7c10520b0 33 API calls 26130->26134 26131->26127 26131->26130 26132->26131 26135 7ff7c1062736 26132->26135 26133->26066 26133->26073 26134->26128 26136 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 26135->26136 26137 7ff7c106273b 26136->26137 26139 7ff7c108a47d 26138->26139 26145 7ff7c108a492 26139->26145 26180 7ff7c108d69c 15 API calls _set_errno_from_matherr 26139->26180 26141 7ff7c108a487 26181 7ff7c10878e4 31 API calls _invalid_parameter_noinfo_noreturn 26141->26181 26142 7ff7c1082320 _handle_error 8 API calls 26144 7ff7c1069b37 26142->26144 26144->26075 26145->26142 26147 7ff7c1062bcd 26146->26147 26151 7ff7c1062be9 26146->26151 26149 7ff7c1062bfb 26147->26149 26182 7ff7c105b9c4 99 API calls _com_raise_error 26147->26182 26149->26089 26150 7ff7c1062c01 SetFilePointer 26150->26149 26152 7ff7c1062c1e GetLastError 26150->26152 26151->26149 26151->26150 26152->26149 26153 7ff7c1062c28 26152->26153 26153->26149 26183 7ff7c105b9c4 99 API calls _com_raise_error 26153->26183 26156 7ff7c10628f6 26155->26156 26158 7ff7c10628fd 26155->26158 26156->26089 26158->26156 26159 7ff7c1062320 GetStdHandle ReadFile GetLastError GetLastError GetFileType 26158->26159 26184 7ff7c105b8a4 99 API calls _com_raise_error 26158->26184 26159->26158 26185 7ff7c1062778 26160->26185 26163 7ff7c1062ac7 26163->26089 26166 7ff7c1062066 26165->26166 26168 7ff7c1062072 26165->26168 26166->26168 26193 7ff7c10620d0 26166->26193 26169->26057 26170->26113 26171->26113 26172->26113 26173->26109 26174->26110 26175->26093 26176->26099 26177->26101 26178->26103 26179->26059 26180->26141 26181->26145 26191 7ff7c1062789 _snwprintf 26185->26191 26186 7ff7c1082320 _handle_error 8 API calls 26189 7ff7c106281d 26186->26189 26187 7ff7c10627b5 26187->26186 26188 7ff7c1062890 SetFilePointer 26188->26187 26190 
7ff7c10628b8 GetLastError 26188->26190 26189->26163 26192 7ff7c105b9c4 99 API calls _com_raise_error 26189->26192 26190->26187 26191->26187 26191->26188 26194 7ff7c10620ea 26193->26194 26197 7ff7c1062102 26193->26197 26196 7ff7c10620f6 CloseHandle 26194->26196 26194->26197 26195 7ff7c1062126 26195->26168 26196->26197 26197->26195 26199 7ff7c105b544 99 API calls 26197->26199 26199->26195 26200->25737 26202->25741 26204 7ff7c108154b 26205 7ff7c10814a2 26204->26205 26208 7ff7c1081900 26205->26208 26234 7ff7c1081558 26208->26234 26211 7ff7c108198b 26213 7ff7c1081868 DloadReleaseSectionWriteAccess 6 API calls 26211->26213 26212 7ff7c10819b4 26215 7ff7c1081a3d LoadLibraryExA 26212->26215 26216 7ff7c1081b85 26212->26216 26217 7ff7c1081abd 26212->26217 26218 7ff7c1081aa9 26212->26218 26214 7ff7c1081998 RaiseException 26213->26214 26227 7ff7c10814e1 26214->26227 26215->26218 26219 7ff7c1081a54 GetLastError 26215->26219 26242 7ff7c1081868 26216->26242 26217->26216 26221 7ff7c1081b1b GetProcAddress 26217->26221 26218->26217 26220 7ff7c1081ab4 FreeLibrary 26218->26220 26222 7ff7c1081a7e 26219->26222 26223 7ff7c1081a69 26219->26223 26220->26217 26221->26216 26226 7ff7c1081b30 GetLastError 26221->26226 26225 7ff7c1081868 DloadReleaseSectionWriteAccess 6 API calls 26222->26225 26223->26218 26223->26222 26228 7ff7c1081a8b RaiseException 26225->26228 26229 7ff7c1081b45 26226->26229 26228->26227 26229->26216 26230 7ff7c1081868 DloadReleaseSectionWriteAccess 6 API calls 26229->26230 26231 7ff7c1081b67 RaiseException 26230->26231 26232 7ff7c1081558 _com_raise_error 6 API calls 26231->26232 26233 7ff7c1081b81 26232->26233 26233->26216 26235 7ff7c108156e 26234->26235 26241 7ff7c10815d3 26234->26241 26250 7ff7c1081604 26235->26250 26238 7ff7c10815ce 26239 7ff7c1081604 DloadReleaseSectionWriteAccess 3 API calls 26238->26239 26239->26241 26241->26211 26241->26212 26243 7ff7c1081878 26242->26243 26244 7ff7c10818d1 26242->26244 26245 7ff7c1081604 DloadReleaseSectionWriteAccess 3 API calls 
26243->26245 26244->26227 26246 7ff7c108187d 26245->26246 26247 7ff7c10818cc 26246->26247 26248 7ff7c10817d8 DloadProtectSection 3 API calls 26246->26248 26249 7ff7c1081604 DloadReleaseSectionWriteAccess 3 API calls 26247->26249 26248->26247 26249->26244 26251 7ff7c108161f 26250->26251 26252 7ff7c1081573 26250->26252 26251->26252 26253 7ff7c1081624 GetModuleHandleW 26251->26253 26252->26238 26257 7ff7c10817d8 26252->26257 26254 7ff7c108163e GetProcAddress 26253->26254 26255 7ff7c1081639 26253->26255 26254->26255 26256 7ff7c1081653 GetProcAddress 26254->26256 26255->26252 26256->26255 26258 7ff7c10817fa DloadProtectSection 26257->26258 26259 7ff7c108183a VirtualProtect 26258->26259 26260 7ff7c1081802 26258->26260 26262 7ff7c10816a4 VirtualQuery GetSystemInfo 26258->26262 26259->26260 26260->26238 26262->26259 26266 7ff7c108bf2c 26273 7ff7c108bc34 26266->26273 26278 7ff7c108d440 35 API calls 2 library calls 26273->26278 26277 7ff7c108bc3f 26279 7ff7c108d068 35 API calls abort 26277->26279 26278->26277 26280 7ff7c108d94c 26281 7ff7c108d997 26280->26281 26282 7ff7c108d95b abort 26280->26282 26287 7ff7c108d69c 15 API calls _set_errno_from_matherr 26281->26287 26282->26281 26283 7ff7c108d97e HeapAlloc 26282->26283 26286 7ff7c108bbc0 abort 2 API calls 26282->26286 26283->26282 26285 7ff7c108d995 26283->26285 26286->26282 26287->26285 26288 7ff7c10820f0 26289 7ff7c1082106 _com_error::_com_error 26288->26289 26294 7ff7c1084078 26289->26294 26291 7ff7c1082117 26292 7ff7c1081900 _com_raise_error 14 API calls 26291->26292 26293 7ff7c1082163 26292->26293 26295 7ff7c1084097 26294->26295 26296 7ff7c10840b4 RtlPcToFileHeader 26294->26296 26295->26296 26297 7ff7c10840cc 26296->26297 26298 7ff7c10840db RaiseException 26296->26298 26297->26298 26298->26291 26299 7ff7c107b190 26642 7ff7c105255c 26299->26642 26301 7ff7c107b1db 26302 7ff7c107be93 26301->26302 26303 7ff7c107b1ef 26301->26303 26448 7ff7c107b20c 26301->26448 26908 7ff7c107f390 26302->26908 26307 7ff7c107b2db 26303->26307 
26308 7ff7c107b1ff 26303->26308 26303->26448 26306 7ff7c1082320 _handle_error 8 API calls 26311 7ff7c107c350 26306->26311 26314 7ff7c107b391 26307->26314 26319 7ff7c107b2f5 26307->26319 26312 7ff7c107b2a9 26308->26312 26313 7ff7c107b207 26308->26313 26309 7ff7c107beba SendMessageW 26310 7ff7c107bec9 26309->26310 26316 7ff7c107bed5 SendDlgItemMessageW 26310->26316 26317 7ff7c107bef0 GetDlgItem SendMessageW 26310->26317 26318 7ff7c107b2cb EndDialog 26312->26318 26312->26448 26322 7ff7c106aae0 48 API calls 26313->26322 26313->26448 26650 7ff7c10522bc GetDlgItem 26314->26650 26316->26317 26321 7ff7c10662dc 35 API calls 26317->26321 26318->26448 26323 7ff7c106aae0 48 API calls 26319->26323 26326 7ff7c107bf47 GetDlgItem 26321->26326 26327 7ff7c107b236 26322->26327 26324 7ff7c107b313 SetDlgItemTextW 26323->26324 26329 7ff7c107b326 26324->26329 26325 7ff7c107b3b1 EndDialog 26503 7ff7c107b3da 26325->26503 26927 7ff7c1052520 26326->26927 26931 7ff7c1051ec4 34 API calls _handle_error 26327->26931 26328 7ff7c107b408 GetDlgItem 26332 7ff7c107b422 SendMessageW SendMessageW 26328->26332 26333 7ff7c107b44f SetFocus 26328->26333 26338 7ff7c107b340 GetMessageW 26329->26338 26329->26448 26332->26333 26339 7ff7c107b465 26333->26339 26340 7ff7c107b4f2 26333->26340 26336 7ff7c107b246 26337 7ff7c107b25c 26336->26337 26932 7ff7c105250c 26336->26932 26355 7ff7c107c363 26337->26355 26337->26448 26345 7ff7c107b35e IsDialogMessageW 26338->26345 26338->26448 26346 7ff7c106aae0 48 API calls 26339->26346 26664 7ff7c1058d04 26340->26664 26345->26329 26351 7ff7c107b373 TranslateMessage DispatchMessageW 26345->26351 26356 7ff7c107b46f 26346->26356 26347 7ff7c107bcc5 26352 7ff7c106aae0 48 API calls 26347->26352 26348 7ff7c1051fa0 31 API calls 26348->26448 26350 7ff7c107b52c 26674 7ff7c107ef80 26350->26674 26351->26329 26357 7ff7c107bcd6 SetDlgItemTextW 26352->26357 26361 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 26355->26361 26365 7ff7c105129c 33 API calls 26356->26365 26360 
7ff7c106aae0 48 API calls 26357->26360 26366 7ff7c107bd08 26360->26366 26367 7ff7c107c368 26361->26367 26364 7ff7c106aae0 48 API calls 26369 7ff7c107b555 26364->26369 26370 7ff7c107b498 26365->26370 26383 7ff7c105129c 33 API calls 26366->26383 26376 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 26367->26376 26373 7ff7c106da98 48 API calls 26369->26373 26374 7ff7c107f0a4 24 API calls 26370->26374 26380 7ff7c107b568 26373->26380 26381 7ff7c107b4a5 26374->26381 26384 7ff7c107c36e 26376->26384 26688 7ff7c107f0a4 26380->26688 26381->26367 26397 7ff7c107b4e8 26381->26397 26406 7ff7c107bd31 26383->26406 26390 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 26384->26390 26389 7ff7c107bdda 26398 7ff7c106aae0 48 API calls 26389->26398 26399 7ff7c107c374 26390->26399 26396 7ff7c107b5ec 26409 7ff7c107b61a 26396->26409 26936 7ff7c10632a8 26396->26936 26397->26396 26935 7ff7c107fa80 33 API calls 2 library calls 26397->26935 26411 7ff7c107bde4 26398->26411 26418 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 26399->26418 26403 7ff7c1051fa0 31 API calls 26414 7ff7c107b586 26403->26414 26406->26389 26419 7ff7c105129c 33 API calls 26406->26419 26702 7ff7c1062f58 26409->26702 26430 7ff7c105129c 33 API calls 26411->26430 26414->26384 26414->26397 26424 7ff7c107c37a 26418->26424 26425 7ff7c107bd7f 26419->26425 26435 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 26424->26435 26431 7ff7c106aae0 48 API calls 26425->26431 26428 7ff7c107b64c 26714 7ff7c1067fc4 26428->26714 26429 7ff7c107b634 GetLastError 26429->26428 26434 7ff7c107be0d 26430->26434 26437 7ff7c107bd8a 26431->26437 26433 7ff7c107b60e 26939 7ff7c1079d90 12 API calls _handle_error 26433->26939 26451 7ff7c105129c 33 API calls 26434->26451 26441 7ff7c107c380 26435->26441 26443 7ff7c1051150 33 API calls 26437->26443 26452 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 26441->26452 26446 7ff7c107bda2 26443->26446 26445 7ff7c107b65e 26449 7ff7c107b665 
27458 7ff7c105fad6 28019 7ff7c1065ef8 27458->28019 27462 7ff7c105fb7a 27621 7ff7c1062aa0 101 API calls 27462->27621 27463 7ff7c105fb5e 27463->27462 27466 7ff7c105fbd7 27484->27449 27621->27466 27623 7ff7c1052c74 27622->27623 27624 7ff7c1052c88 27622->27624 27623->27624 28225 7ff7c1052d80 108 API calls _invalid_parameter_noinfo_noreturn 27623->28225 27625 7ff7c1051fa0 31 API calls 27624->27625 27628 7ff7c1052ca1 27625->27628 27641 7ff7c1052d64 27628->27641 28226 7ff7c1053090 31 API calls _invalid_parameter_noinfo_noreturn 27628->28226 27629 7ff7c1052d08 28227 7ff7c1053090 31 API calls _invalid_parameter_noinfo_noreturn 27629->28227 27630 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 27632 7ff7c1052d7c 27630->27632 27633 7ff7c1052d14 27634 7ff7c1051fa0 31 API calls 27633->27634 27635 7ff7c1052d20 27634->27635 28228 7ff7c106878c 27635->28228 27641->27630 27642->27313 27643->27319 27645 7ff7c1064d32 __scrt_get_show_window_mode 27644->27645 27654 7ff7c1064bac 27645->27654 27647 7ff7c1064d54 27648 7ff7c1064d90 27647->27648 27650 7ff7c1064dae 27647->27650 27649 7ff7c1082320 _handle_error 8 API calls 27648->27649 27651 7ff7c1052b32 27649->27651 27652 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 27650->27652 27651->27297 27651->27366 27653 7ff7c1064db3 27652->27653 27655 7ff7c1064c27 27654->27655 27657 7ff7c1064c2f memcpy_s 27654->27657 27656 7ff7c1051fa0 31 API calls 27655->27656 27656->27657 27657->27647 27658->27368 27659->27384 27660->27383 27662 7ff7c1053396 27661->27662 27663 7ff7c105339a 27661->27663 27662->27405 27662->27410 27667 7ff7c1053294 27663->27667 27666 7ff7c1062aa0 101 API calls 27666->27662 27668 7ff7c10532bb 27667->27668 27670 7ff7c10532f6 27667->27670 27669 7ff7c10569f8 132 API calls 27668->27669 27673 7ff7c10532db 27669->27673 27675 7ff7c1056e74 27670->27675 27673->27666 27678 7ff7c1056e95 27675->27678 27676 7ff7c10569f8 132 API calls 27676->27678 27678->27676 27679 7ff7c105331d 27678->27679 27707 7ff7c106e808 
27678->27707 27679->27673 27680 7ff7c1053904 27679->27680 27715 7ff7c1056a7c 27680->27715 27683 7ff7c105396a 27686 7ff7c1053989 27683->27686 27687 7ff7c105399a 27683->27687 27684 7ff7c1053a8a 27688 7ff7c1082320 _handle_error 8 API calls 27684->27688 27748 7ff7c1070d54 33 API calls 27686->27748 27692 7ff7c10539a3 27687->27692 27695 7ff7c10539ec 27687->27695 27691 7ff7c1053a9e 27688->27691 27689 7ff7c1053ab3 27693 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 27689->27693 27691->27673 27749 7ff7c1070c80 33 API calls 27692->27749 27696 7ff7c1053ab8 27693->27696 27750 7ff7c10526b4 33 API calls memcpy_s 27695->27750 27702 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 27696->27702 27697 7ff7c10539b0 27699 7ff7c1051fa0 31 API calls 27697->27699 27704 7ff7c10539c0 memcpy_s 27697->27704 27699->27704 27700 7ff7c1051fa0 31 API calls 27706 7ff7c105394f 27700->27706 27701 7ff7c1053a13 27751 7ff7c1070ae8 34 API calls _invalid_parameter_noinfo_noreturn 27701->27751 27703 7ff7c1053abe 27702->27703 27704->27700 27706->27684 27706->27689 27706->27696 27709 7ff7c106e811 27707->27709 27708 7ff7c106e82b 27711 7ff7c106e845 SetThreadExecutionState 27708->27711 27714 7ff7c105b664 RtlPcToFileHeader RaiseException _com_raise_error 27708->27714 27709->27708 27713 7ff7c105b664 RtlPcToFileHeader RaiseException _com_raise_error 27709->27713 27713->27708 27714->27711 27716 7ff7c1056a96 _snwprintf 27715->27716 27717 7ff7c1056ae4 27716->27717 27718 7ff7c1056ac4 27716->27718 27720 7ff7c1056d4d 27717->27720 27723 7ff7c1056b0f 27717->27723 27790 7ff7c10528a4 82 API calls 2 library calls 27718->27790 27819 7ff7c10528a4 82 API calls 2 library calls 27720->27819 27722 7ff7c1056ad0 27724 7ff7c1082320 _handle_error 8 API calls 27722->27724 27723->27722 27752 7ff7c1071f94 27723->27752 27725 7ff7c105394b 27724->27725 27725->27683 27725->27706 27747 7ff7c1052794 33 API calls __std_swap_ranges_trivially_swappable 27725->27747 27728 7ff7c1056b85 27731 7ff7c1056c2a 27728->27731 
27746 7ff7c1056b7b 27728->27746 27796 7ff7c1068968 109 API calls 27728->27796 27729 7ff7c1056b6e 27791 7ff7c10528a4 82 API calls 2 library calls 27729->27791 27730 7ff7c1056b80 27730->27728 27792 7ff7c10540b0 27730->27792 27761 7ff7c1064760 27731->27761 27737 7ff7c1056c52 27738 7ff7c1056cc7 27737->27738 27739 7ff7c1056cd1 27737->27739 27765 7ff7c1061794 27738->27765 27797 7ff7c1071f20 27739->27797 27742 7ff7c1056ccf 27817 7ff7c1064700 8 API calls _handle_error 27742->27817 27744 7ff7c1056cfd 27744->27746 27818 7ff7c105433c 82 API calls 2 library calls 27744->27818 27780 7ff7c1071870 27746->27780 27747->27683 27748->27706 27749->27697 27750->27701 27751->27706 27753 7ff7c1072056 std::bad_alloc::bad_alloc 27752->27753 27756 7ff7c1071fc5 std::bad_alloc::bad_alloc 27752->27756 27755 7ff7c1084078 _com_raise_error 2 API calls 27753->27755 27754 7ff7c1056b59 27754->27728 27754->27729 27754->27730 27755->27756 27756->27754 27757 7ff7c107200f std::bad_alloc::bad_alloc 27756->27757 27758 7ff7c1084078 _com_raise_error 2 API calls 27756->27758 27757->27754 27759 7ff7c1084078 _com_raise_error 2 API calls 27757->27759 27758->27757 27760 7ff7c10720a9 27759->27760 27762 7ff7c1064780 27761->27762 27764 7ff7c106478a 27761->27764 27763 7ff7c10821d0 33 API calls 27762->27763 27763->27764 27764->27737 27766 7ff7c10617be __scrt_get_show_window_mode 27765->27766 27820 7ff7c1068a48 27766->27820 27769 7ff7c10617f2 27771 7ff7c1068a48 146 API calls 27769->27771 27772 7ff7c1061830 27769->27772 27830 7ff7c1068c4c 27769->27830 27771->27769 27781 7ff7c107188e 27780->27781 27783 7ff7c10718a1 27781->27783 27840 7ff7c106e948 27781->27840 27787 7ff7c10718d8 27783->27787 27836 7ff7c108236c 27783->27836 27785 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 27786 7ff7c1071ad0 27785->27786 27789 7ff7c1071a37 27787->27789 27847 7ff7c106a984 31 API calls _invalid_parameter_noinfo_noreturn 27787->27847 27789->27785 27790->27722 27791->27746 27793 7ff7c10540dd 27792->27793 27795 7ff7c10540d7 
__scrt_get_show_window_mode 27792->27795 27793->27795 27848 7ff7c1054120 27793->27848 27795->27728 27796->27731 27798 7ff7c1071f29 27797->27798 27799 7ff7c1071f5d 27798->27799 27800 7ff7c1071f55 27798->27800 27801 7ff7c1071f49 27798->27801 27799->27742 27884 7ff7c1073964 151 API calls 27800->27884 27854 7ff7c10720ac 27801->27854 27804 7ff7c1068a48 146 API calls 27813 7ff7c1074733 memcpy_s 27804->27813 27805 7ff7c1074ad7 27813->27804 27813->27805 27858 7ff7c106e9dc 27813->27858 27864 7ff7c106ecd8 27813->27864 27868 7ff7c10723a0 27813->27868 27885 7ff7c1072ab0 146 API calls 27813->27885 27886 7ff7c1074b98 146 API calls 27813->27886 27817->27744 27818->27746 27819->27722 27822 7ff7c1068bcd 27820->27822 27825 7ff7c1068a91 memcpy_s 27820->27825 27821 7ff7c1068c1a 27823 7ff7c106e808 SetThreadExecutionState RtlPcToFileHeader RaiseException 27821->27823 27822->27821 27824 7ff7c105a174 8 API calls 27822->27824 27827 7ff7c1068c1f 27823->27827 27824->27821 27825->27822 27826 7ff7c107612c 137 API calls 27825->27826 27825->27827 27828 7ff7c1064888 108 API calls 27825->27828 27829 7ff7c10628d0 104 API calls 27825->27829 27826->27825 27827->27769 27828->27825 27829->27825 27837 7ff7c108239f 27836->27837 27838 7ff7c10823c8 27837->27838 27839 7ff7c1071870 108 API calls 27837->27839 27838->27787 27839->27837 27841 7ff7c106ecd8 103 API calls 27840->27841 27842 7ff7c106e95f ReleaseSemaphore 27841->27842 27843 7ff7c106e9a3 DeleteCriticalSection CloseHandle CloseHandle 27842->27843 27844 7ff7c106e984 27842->27844 27845 7ff7c106ea5c 101 API calls 27844->27845 27846 7ff7c106e98e CloseHandle 27845->27846 27846->27843 27846->27844 27847->27789 27851 7ff7c1054149 27848->27851 27853 7ff7c1054168 __std_swap_ranges_trivially_swappable __scrt_get_show_window_mode 27848->27853 27849 7ff7c1052018 33 API calls 27850 7ff7c10541eb 27849->27850 27852 7ff7c10821d0 33 API calls 27851->27852 27851->27853 27852->27853 27853->27849 27856 7ff7c10720c8 __scrt_get_show_window_mode 27854->27856 27855 
7ff7c10721ba 27855->27813 27856->27855 27857 7ff7c105b75c 82 API calls 27856->27857 27857->27856 27884->27799 27885->27813 27886->27813 27889 7ff7c1068882 27888->27889 27890 7ff7c1068892 27888->27890 27895 7ff7c10623f0 27889->27895 27890->27415 27893 7ff7c1082320 _handle_error 8 API calls 27892->27893 27894 7ff7c105f7dc 27893->27894 27894->27316 27894->27418 27896 7ff7c106240f 27895->27896 27899 7ff7c1062aa0 101 API calls 27896->27899 27897 7ff7c1062428 27900 7ff7c1062bb0 101 API calls 27897->27900 27898 7ff7c1062438 27898->27890 27899->27897 27900->27898 27902 7ff7c107fc94 27901->27902 27903 7ff7c105129c 33 API calls 27902->27903 27904 7ff7c107fca4 27903->27904 27905 7ff7c107f0a4 24 API calls 27904->27905 27906 7ff7c107fcb1 27905->27906 27907 7ff7c107fceb 27906->27907 27909 7ff7c107fd03 27906->27909 27908 7ff7c1082320 _handle_error 8 API calls 27907->27908 27910 7ff7c107fcfd 27908->27910 27911 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 27909->27911 27914 7ff7c1055e67 27913->27914 27977 7ff7c10685f0 27914->27977 27916 7ff7c1056134 27987 7ff7c1056fcc 82 API calls 27916->27987 27918 7ff7c10569af 27919 7ff7c1082320 _handle_error 8 API calls 27918->27919 27920 7ff7c10569c3 27919->27920 27920->27442 27921 7ff7c10569e4 27924 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 27921->27924 27922 7ff7c1056973 28000 7ff7c105466c 82 API calls 27922->28000 27923 7ff7c105612e 27923->27916 27923->27922 27927 7ff7c10685f0 104 API calls 27923->27927 27926 7ff7c10569e9 27924->27926 27929 7ff7c10561a4 27927->27929 27929->27916 27933 7ff7c10561ac 27929->27933 27930 7ff7c10569ef 27931 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 27930->27931 27932 7ff7c10569f5 27931->27932 27934 7ff7c105623f 27933->27934 27988 7ff7c105466c 82 API calls 27933->27988 27934->27922 27936 7ff7c1056266 27934->27936 27939 7ff7c10562ce 27936->27939 27940 7ff7c10568b7 27936->27940 27941 7ff7c1056481 27939->27941 27944 7ff7c10562e0 27939->27944 27942 7ff7c1064d04 31 
API calls 27940->27942 27970 7ff7c105613c 27944->27970 27970->27918 27970->27921 27970->27930 27975->27442 27979 7ff7c1068614 27977->27979 27980 7ff7c106869a 27977->27980 27978 7ff7c106867c 27978->27923 27979->27978 27981 7ff7c10540b0 33 API calls 27979->27981 27980->27978 27982 7ff7c10540b0 33 API calls 27980->27982 27983 7ff7c106864d 27981->27983 27984 7ff7c10686b3 27982->27984 28001 7ff7c105a174 27983->28001 27986 7ff7c10628d0 104 API calls 27984->27986 27986->27978 27987->27970 28002 7ff7c105a185 28001->28002 28003 7ff7c105a19a 28002->28003 28005 7ff7c106af18 8 API calls 2 library calls 28002->28005 28003->27978 28005->28003 28011 7ff7c1059be7 28006->28011 28007 7ff7c1059c1b 28008 7ff7c1082320 _handle_error 8 API calls 28007->28008 28009 7ff7c1059c9d 28008->28009 28009->27458 28011->28007 28012 7ff7c1059c83 28011->28012 28015 7ff7c1059cae 28011->28015 28141 7ff7c1065294 28011->28141 28159 7ff7c106db60 28011->28159 28013 7ff7c1051fa0 31 API calls 28012->28013 28013->28007 28016 7ff7c1059cbf 28015->28016 28163 7ff7c106da48 CompareStringW 28015->28163 28016->28012 28018 7ff7c10520b0 33 API calls 28016->28018 28018->28012 28032 7ff7c1065f3a 28019->28032 28020 7ff7c106619b 28022 7ff7c1082320 _handle_error 8 API calls 28020->28022 28021 7ff7c10661ce 28167 7ff7c105704c 47 API calls memcpy_s 28021->28167 28024 7ff7c105fb29 28022->28024 28024->27462 28092 7ff7c1067c94 47 API calls 2 library calls 28024->28092 28025 7ff7c105129c 33 API calls 28027 7ff7c1066129 28025->28027 28026 7ff7c10661d4 28028 7ff7c1051fa0 31 API calls 28027->28028 28029 7ff7c106613b memcpy_s 28027->28029 28028->28029 28029->28020 28030 7ff7c10661c9 28029->28030 28031 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 28030->28031 28031->28021 28032->28020 28032->28021 28032->28025 28091->27451 28092->27463 28139->27484 28140->27484 28142 7ff7c10652d4 28141->28142 28146 7ff7c1065312 __vcrt_FlsAlloc 28142->28146 28148 7ff7c1065339 __vcrt_FlsAlloc 28142->28148 28164 7ff7c10713f4 
CompareStringW 28142->28164 28143 7ff7c1082320 _handle_error 8 API calls 28145 7ff7c1065503 28143->28145 28145->28011 28146->28148 28149 7ff7c1065382 __vcrt_FlsAlloc 28146->28149 28165 7ff7c10713f4 CompareStringW 28146->28165 28148->28143 28149->28148 28150 7ff7c105129c 33 API calls 28149->28150 28151 7ff7c1065439 28149->28151 28152 7ff7c1065426 28150->28152 28153 7ff7c1065489 28151->28153 28155 7ff7c106551b 28151->28155 28154 7ff7c10672cc 8 API calls 28152->28154 28153->28148 28166 7ff7c10713f4 CompareStringW 28153->28166 28154->28151 28157 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 28155->28157 28158 7ff7c1065520 28157->28158 28160 7ff7c106db73 28159->28160 28161 7ff7c10520b0 33 API calls 28160->28161 28162 7ff7c106db91 28160->28162 28161->28162 28162->28011 28163->28016 28164->28146 28165->28149 28166->28148 28167->28026 28225->27624 28226->27629 28227->27633 28229 7ff7c10687af 28228->28229 28230 7ff7c10687df 28228->28230 28231 7ff7c108236c 108 API calls 28229->28231 28232 7ff7c108236c 108 API calls 28230->28232 28240 7ff7c106882b 28230->28240 28234 7ff7c10687ca 28231->28234 28235 7ff7c1068814 28232->28235 28237 7ff7c108236c 108 API calls 28234->28237 28238 7ff7c108236c 108 API calls 28235->28238 28236 7ff7c1068845 28239 7ff7c106461c 108 API calls 28236->28239 28237->28230 28238->28240 28241 7ff7c1068851 28239->28241 28242 7ff7c106461c 28240->28242 28243 7ff7c1064632 28242->28243 28245 7ff7c106463a 28242->28245 28244 7ff7c106e948 108 API calls 28243->28244 28244->28245 28245->28236 28247 7ff7c106163e 28246->28247 28251 7ff7c1061681 28246->28251 28250 7ff7c10631bc 51 API calls 28247->28250 28247->28251 28248 7ff7c10616a0 28249 7ff7c105e600 31 API calls 28248->28249 28255 7ff7c10616de 28249->28255 28250->28247 28251->28248 28252 7ff7c1051fa0 31 API calls 28251->28252 28252->28251 28253 7ff7c106175b 28256 7ff7c1082320 _handle_error 8 API calls 28253->28256 28254 7ff7c106178d 28258 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 
28254->28258 28255->28253 28255->28254 28257 7ff7c105e58a 28256->28257 28257->27254 28257->27256 28259 7ff7c1061792 28258->28259 28260->26919 28261->26923 28262->26926 28263 7ff7c10803e0 28264 7ff7c1080497 28263->28264 28265 7ff7c108041f 28263->28265 28266 7ff7c106aae0 48 API calls 28264->28266 28267 7ff7c106aae0 48 API calls 28265->28267 28268 7ff7c10804ab 28266->28268 28269 7ff7c1080433 28267->28269 28270 7ff7c106da98 48 API calls 28268->28270 28271 7ff7c106da98 48 API calls 28269->28271 28276 7ff7c1080442 memcpy_s 28270->28276 28271->28276 28272 7ff7c1051fa0 31 API calls 28273 7ff7c1080541 28272->28273 28274 7ff7c105250c SetDlgItemTextW 28273->28274 28278 7ff7c1080556 SetWindowTextW 28274->28278 28275 7ff7c10805cc 28277 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 28275->28277 28276->28272 28276->28275 28287 7ff7c10805c6 28276->28287 28280 7ff7c10805d2 28277->28280 28281 7ff7c108059c 28278->28281 28282 7ff7c108056f 28278->28282 28279 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 28279->28275 28283 7ff7c1082320 _handle_error 8 API calls 28281->28283 28282->28281 28284 7ff7c10805c1 28282->28284 28285 7ff7c10805af 28283->28285 28286 7ff7c1087904 _invalid_parameter_noinfo_noreturn 31 API calls 28284->28286 28286->28287 28287->28279 28288 7ff7c10811cf 28290 7ff7c1081102 28288->28290 28289 7ff7c1081900 _com_raise_error 14 API calls 28289->28290 28290->28289
Memory Dump Source
• Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
• Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
Similarity
• API ID: Item$Message$_invalid_parameter_noinfo_noreturn$Send$DialogText$File$ErrorLast$CloseFindFocusLoadStringViewWindow$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleLineMappingParamShellSleepTickTranslateUnmap
• String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
• API String ID: 255727823-2702805183
• Opcode ID: 9a17fb0a367c8f41df10969568811eb98f7642249842cc7a5319212f9cbedbf3
• Instruction ID: 8e99584cce0cfe24f165ad4e7637b2c8e447094c8313f12bc4429466e44939ef
• Opcode Fuzzy Hash: 9a17fb0a367c8f41df10969568811eb98f7642249842cc7a5319212f9cbedbf3
• Instruction Fuzzy Hash: 72D29162A08A8381EB20FF25E8542F9A361FF857A0FC25535D94D066E6DFBCE5C4C760

Memory Dump Source
• Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
• Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$FileMessageMoveSend$DialogItemPathTemp
• String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
• API String ID: 3007431893-3916287355
• Opcode ID: 900c4f0d878aa96fb44428cb217628649335f59e87d0ab690d5138d2b9e1db67
• Instruction ID: 25d31152c1f30113ed10febabb6ca8fcd6ac6830fbe3ae0f4948acb6fb718fb3
• Opcode Fuzzy Hash: 900c4f0d878aa96fb44428cb217628649335f59e87d0ab690d5138d2b9e1db67
• Instruction Fuzzy Hash: 6213B072B08B8295EB10EF64D8502FC67A1FB403A8F911535DA5D17AD9DFB8E5C4C3A0

Memory Dump Source
• Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
• Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
Similarity
• API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
• String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
• API String ID: 1048086575-3710569615
• Opcode ID: 7fb843965e060d2caf1f274bd47349aa60f49b36b68f6f054b76b7ae27a5abf6
• Instruction ID: 8b68b4430fc6661f0874a926ce881220897639ee3afb5a9e75a93ac6aaac32e3
• Opcode Fuzzy Hash: 7fb843965e060d2caf1f274bd47349aa60f49b36b68f6f054b76b7ae27a5abf6
• Instruction Fuzzy Hash: A8128761A1CB8685FB10FF24E855279E361FF847A4F814235DA9D46AA9DFBCE1C0C360

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWideswprintf
                                                                                • String ID: $%s:$CAPTION
                                                                                • API String ID: 2100155373-404845831
                                                                                Similarity
                                                                                • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                • String ID: PNG
                                                                                • API String ID: 211097158-364855578
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: __tmp_reference_source_
                                                                                • API String ID: 3668304517-685763994
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: CMT
                                                                                • API String ID: 3668304517-2756464174
                                                                                Similarity
                                                                                • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                                                                • String ID:
                                                                                • API String ID: 474548282-0
                                                                                • API ID:
                                                                                • String ID: CMT
                                                                                • API String ID: 0-2756464174
                                                                                Similarity
                                                                                • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                • String ID:
                                                                                • API String ID: 3340455307-0

                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
                                                                                • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                                • API String ID: 1496594111-2013832382
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7C1068E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7C1068F8D
                                                                                • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7C1069F75
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C106A42F
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C106A435
                                                                                  • Part of subcall function 00007FF7C1070BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF7C1070B44), ref: 00007FF7C1070BE9
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                                                                • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                • API String ID: 3629253777-3268106645

                                                                                Similarity
                                                                                • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
                                                                                • String ID: H
                                                                                • API String ID: 3432403771-2852464175

                                                                                Similarity
                                                                                • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_invalid_parameter_noinfo_noreturn
                                                                                • String ID: .exe$.inf$Install$p
                                                                                • API String ID: 1054546013-3607691742

                                                                                Similarity
                                                                                • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                • String ID:
                                                                                • API String ID: 3569833718-0
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 3528 7ff7c10624c0-7ff7c10624fb 3529 7ff7c10624fd-7ff7c1062504 3528->3529 3530 7ff7c1062506 3528->3530 3529->3530 3531 7ff7c1062509-7ff7c1062578 3529->3531 3530->3531 3532 7ff7c106257d-7ff7c10625a8 CreateFileW 3531->3532 3533 7ff7c106257a 3531->3533 3534 7ff7c10625ae-7ff7c10625de GetLastError call 7ff7c1066a0c 3532->3534 3535 7ff7c1062688-7ff7c106268d 3532->3535 3533->3532 3544 7ff7c106262c 3534->3544 3545 7ff7c10625e0-7ff7c106262a CreateFileW GetLastError 3534->3545 3536 7ff7c1062693-7ff7c1062697 3535->3536 3538 7ff7c1062699-7ff7c106269c 3536->3538 3539 7ff7c10626a5-7ff7c10626a9 3536->3539 3538->3539 3541 7ff7c106269e 3538->3541 3542 7ff7c10626ab-7ff7c10626af 3539->3542 3543 7ff7c10626cf-7ff7c10626e3 3539->3543 3541->3539 3542->3543 3547 7ff7c10626b1-7ff7c10626c9 SetFileTime 3542->3547 3548 7ff7c106270c-7ff7c1062735 call 7ff7c1082320 3543->3548 3549 7ff7c10626e5-7ff7c10626f0 3543->3549 3546 7ff7c1062632-7ff7c106263a 3544->3546 3545->3546 3552 7ff7c106263c-7ff7c1062653 3546->3552 3553 7ff7c1062673-7ff7c1062686 3546->3553 3547->3543 3550 7ff7c1062708 3549->3550 3551 7ff7c10626f2-7ff7c10626fa 3549->3551 3550->3548 3555 7ff7c10626fc 3551->3555 3556 7ff7c10626ff-7ff7c1062703 call 7ff7c10520b0 3551->3556 3557 7ff7c106266e call 7ff7c108220c 3552->3557 3558 7ff7c1062655-7ff7c1062668 3552->3558 3553->3536 3555->3556 3556->3550 3557->3553 3558->3557 3561 7ff7c1062736-7ff7c106273b call 7ff7c1087904 3558->3561
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3536497005-0
                                                                                • Opcode ID: 7e74b88d639c8d570aa5cbccebcd9353285634c108726f52f9c563d03d833b9c
                                                                                • Instruction ID: 137d8b11b968eb4c04a3d1ec1720f95bf8e62a968c8ece3cbc3e6d78a3c78901
                                                                                • Opcode Fuzzy Hash: 7e74b88d639c8d570aa5cbccebcd9353285634c108726f52f9c563d03d833b9c
                                                                                • Instruction Fuzzy Hash: 3C61C062B1868185E7209F29E4103AEB7A1FB887B8F511335DEAD03AE8DF7DD494C714

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: Global$Resource$Object$AllocBitmapCreateDeleteGdipLoadLock$FindFreeFromSizeofStreamUnlock
                                                                                • String ID: ]
                                                                                • API String ID: 3561356813-3352871620
                                                                                • Opcode ID: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                                • Instruction ID: 46cd6e22643e21a2282f6812c3827b327fd68a5f926594683217ffa190358919
                                                                                • Opcode Fuzzy Hash: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                                • Instruction Fuzzy Hash: 5211B620B0D24241FB25FF21A654379D391BF88BE0F890035ED1D07B9ADFACE89487A0

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: Message$DialogDispatchPeekTranslate
                                                                                • String ID:
                                                                                • API String ID: 1266772231-0
                                                                                • Opcode ID: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                                • Instruction ID: 42c664b4476fcb32427650b5090bc88f5fa9d19cecd59c8f8d6955313c28a10e
                                                                                • Opcode Fuzzy Hash: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                                • Instruction Fuzzy Hash: C4F04932B3854282FB60EF20E895B76A361FFD0B15FD56831EA4E82954DF6CD148CB20

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                • String ID: EDIT
                                                                                • API String ID: 4243998846-3080729518
                                                                                • Opcode ID: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                                • Instruction ID: 9864f3f03d8303091ad65726b438c063a288afd6d8043cf9054efc6e8cc27152
                                                                                • Opcode Fuzzy Hash: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                                • Instruction Fuzzy Hash: 99016D21B18A8381FB20FF21A8213F6A390AF98760FC60031CD4D06695DFACE1C987A0

                                                                                Control-flow Graph
                                                                                [Graph not reproduced. Legend: Executed / Not Executed. First block at 7ff7c1062ce0; API calls on graph nodes: GetStdHandle, WriteFile.]
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: FileWrite$Handle
                                                                                • String ID:
                                                                                • API String ID: 4209713984-0
                                                                                • Opcode ID: 95d7fd16c8d926fcf5da752308064adee905e679e75eda990adbc5c1a1c917ca
                                                                                • Instruction ID: 5a01afbd79a99cd09550b2771e33c32c1ead7599ff1aef94f9966e3fef3b1b07
                                                                                • Opcode Fuzzy Hash: 95d7fd16c8d926fcf5da752308064adee905e679e75eda990adbc5c1a1c917ca
                                                                                • Instruction Fuzzy Hash: 2351D522B19A4692FB50EF25D8547BAB360FB557B0F850131EE4D06A94DFBCE4C5C320

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$TextWindow
                                                                                • String ID:
                                                                                • API String ID: 2912839123-0
                                                                                • Opcode ID: 34b731ebe9af3ba17aed105ea6cd5e0b01c3b8b12ff97f26908d03dc914b4b53
                                                                                • Instruction ID: ba3ddf6cfc4c39ff4d8b2da6d17a1fb5c964ed17f752ae60ce2cc187f6fff5b4
                                                                                • Opcode Fuzzy Hash: 34b731ebe9af3ba17aed105ea6cd5e0b01c3b8b12ff97f26908d03dc914b4b53
                                                                                • Instruction Fuzzy Hash: B1518362F18A5184FB00AF65D8452AD6362FF45BB4F920635DE5C16BDADFACD480C330
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2359106489-0
                                                                                • Opcode ID: 9d9d2995018f7f6f648ac6a5d97c5d37007cde808aee1d861722df7aa9659c46
                                                                                • Instruction ID: f18f8f1be3d139a157454ede89295fae5dc59a2d949b3db66df06a1be8287a04
                                                                                • Opcode Fuzzy Hash: 9d9d2995018f7f6f648ac6a5d97c5d37007cde808aee1d861722df7aa9659c46
                                                                                • Instruction Fuzzy Hash: 2031C522B0C64281EB70AF25A45527DE351FF887B0F928235EE8D467D5CFBCD4C58660
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                • String ID:
                                                                                • API String ID: 1452418845-0
                                                                                • Opcode ID: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
                                                                                • Instruction ID: 7f54ccf6bd046c2878bc1106425be6869e974c0e218032d08654666457785602
                                                                                • Opcode Fuzzy Hash: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
                                                                                • Instruction Fuzzy Hash: 05316B20E0C20342FB54BF6495113B9A291EF413A4FC65439E94E0BAD7DEACE4C9C374
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLast$FileHandleRead
                                                                                • String ID:
                                                                                • API String ID: 2244327787-0
                                                                                • Opcode ID: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
                                                                                • Instruction ID: e1cc18e8d9ddb59ebc7ead43c4ff64363d47e4f75347ac763ff29e30a3d23d77
                                                                                • Opcode Fuzzy Hash: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
                                                                                • Instruction Fuzzy Hash: CD215021F0C56281EB606F11A4002B9F3A0FB85BB4F958531EE9D46784DFBDD8D58761
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7C106ECD8: ResetEvent.KERNEL32 ref: 00007FF7C106ECF1
                                                                                  • Part of subcall function 00007FF7C106ECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF7C106ED07
                                                                                • ReleaseSemaphore.KERNEL32 ref: 00007FF7C106E974
                                                                                • CloseHandle.KERNELBASE ref: 00007FF7C106E993
                                                                                • DeleteCriticalSection.KERNEL32 ref: 00007FF7C106E9AA
                                                                                • CloseHandle.KERNEL32 ref: 00007FF7C106E9B7
                                                                                  • Part of subcall function 00007FF7C106EA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF7C106E95F,?,?,?,00007FF7C106463A,?,?,?), ref: 00007FF7C106EA63
                                                                                  • Part of subcall function 00007FF7C106EA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7C106E95F,?,?,?,00007FF7C106463A,?,?,?), ref: 00007FF7C106EA6E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: CloseHandleReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                • String ID:
                                                                                • API String ID: 502429940-0
                                                                                • Opcode ID: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
                                                                                • Instruction ID: 9cf422d6d52a6a11b996395764aa6b9ef73bd5f294a2ba77201753baaef7486f
                                                                                • Opcode Fuzzy Hash: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
                                                                                • Instruction Fuzzy Hash: 5101ED32A14A9592E748EF21E95466DA321FB84BA0F414032DB5D03665CF79E4F5C750
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Thread$CreatePriority
                                                                                • String ID: CreateThread failed
                                                                                • API String ID: 2610526550-3849766595
                                                                                • Opcode ID: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
                                                                                • Instruction ID: 474cc3f69f1b6fe87b8d55d176b3387236b30b0214dd95e33b6ec8d623b6a80f
                                                                                • Opcode Fuzzy Hash: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
                                                                                • Instruction Fuzzy Hash: B6118F31A08B4281FB10EF10E8512AAF371FB847A4FD54132DA4D02669EFBCE5D5C764
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: DirectoryInitializeMallocSystem
                                                                                • String ID: riched20.dll
                                                                                • API String ID: 174490985-3360196438
                                                                                • Opcode ID: 0d85db053d286d1bd0fa19ead2840fc3f5149c6ee0f027e6ed6c33eb2c824e37
                                                                                • Instruction ID: 32f2108a149e86e9271d32c2f2ec9138059d4d38ebc6da1c3612ee529251d527
                                                                                • Opcode Fuzzy Hash: 0d85db053d286d1bd0fa19ead2840fc3f5149c6ee0f027e6ed6c33eb2c824e37
                                                                                • Instruction Fuzzy Hash: 27F04F71618A4182EB40EF20F4152AAF3A0FB98764F810135EA8E42B95DFBCD189CB10
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7C107853C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF7C107856C
                                                                                  • Part of subcall function 00007FF7C106AAE0: LoadStringW.USER32 ref: 00007FF7C106AB67
                                                                                  • Part of subcall function 00007FF7C106AAE0: LoadStringW.USER32 ref: 00007FF7C106AB80
                                                                                  • Part of subcall function 00007FF7C1051FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C1051FFB
                                                                                  • Part of subcall function 00007FF7C105129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7C1051396
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C10801BB
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C10801C1
                                                                                • SendDlgItemMessageW.USER32 ref: 00007FF7C10801F2
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
                                                                                • String ID:
                                                                                • API String ID: 3106221260-0
                                                                                • Opcode ID: 7d1f69911a00d0741de56b49c262a8841e6eb375053cbff927e1aaae2ee712c8
                                                                                • Instruction ID: d883be34e6b6c211b575b5b96710a9479cf190b39a6cd05f46d476b5620e9341
                                                                                • Opcode Fuzzy Hash: 7d1f69911a00d0741de56b49c262a8841e6eb375053cbff927e1aaae2ee712c8
                                                                                • Instruction Fuzzy Hash: 0E51C462F08A4186FB10BFA5D4512FDA362EB857E4F820136DE0D57BDADEACD580C360
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2272807158-0
                                                                                • Opcode ID: 4ce248ffffd21e537046429b603db88a9fd2a3d13b10b45fb751dcef003d6319
                                                                                • Instruction ID: 5a509b85181f571277845d4cf75a2b7233a84ea1efd554bb5ed803a00a3186b8
                                                                                • Opcode Fuzzy Hash: 4ce248ffffd21e537046429b603db88a9fd2a3d13b10b45fb751dcef003d6319
                                                                                • Instruction Fuzzy Hash: 3C41C272A0878682EB10AF15E4442A9B3A1FB847B4F915735DFAD07AD5CFBCE4D18710
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2176759853-0
                                                                                • Opcode ID: 324ad9725680782466c8b9226039195d64c3332d7d8035b24254b52cca95445d
                                                                                • Instruction ID: d9527b91409e9a06c86bdb994f9bc0c10edb79976e2883bd5431e4539ecdbd71
                                                                                • Opcode Fuzzy Hash: 324ad9725680782466c8b9226039195d64c3332d7d8035b24254b52cca95445d
                                                                                • Instruction Fuzzy Hash: 23219F62A28B8181EB14AF65A85017AA364FB89BE0F954235EFDD03B99CF7CD190C700
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: std::bad_alloc::bad_alloc
                                                                                • String ID:
                                                                                • API String ID: 1875163511-0
                                                                                • Opcode ID: 5d5f35b7d0b1a8ec44982466ed86c266d3277025963138b758b7e20b27780546
                                                                                • Instruction ID: 3e96099e60b99359ed6e5b7b424805ea81b5899de03e5c67e6ba4a2f34c9d2ea
                                                                                • Opcode Fuzzy Hash: 5d5f35b7d0b1a8ec44982466ed86c266d3277025963138b758b7e20b27780546
                                                                                • Instruction Fuzzy Hash: 0131DB22A0C68691FB25BF14E4443B9E3A0FB507A4F954035E24C06AE6DFFCE5D6C361
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1203560049-0
                                                                                • Opcode ID: 523e4a483c86c9ac9ee543cf6c476d9bf2e9d6353514affc3e0f4067b8c7bc61
                                                                                • Instruction ID: f16accf2e27557906ad3ca8bc95bb531ce4803dc8d48e457e49af14cdd7763b2
                                                                                • Opcode Fuzzy Hash: 523e4a483c86c9ac9ee543cf6c476d9bf2e9d6353514affc3e0f4067b8c7bc61
                                                                                • Instruction Fuzzy Hash: D121F822B08A8581EB20AF25F45526DA360FFC8BA4F819234EE9E46695DF7CD5C0C750
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3118131910-0
                                                                                • Opcode ID: 9e0f12d03b62ccef14e62e4bf3878a3457daa81ed2db8d115c48a0739d4b379d
                                                                                • Instruction ID: 296b58b608503bfcd5db2ecefa0f8050609765ddb3776702890624aae9b0cf77
                                                                                • Opcode Fuzzy Hash: 9e0f12d03b62ccef14e62e4bf3878a3457daa81ed2db8d115c48a0739d4b379d
                                                                                • Instruction Fuzzy Hash: 0E21B632B18B8281EB10AF25E45422EA360FB85BA4F915235EEDD46A99DF7CD1D0CB50
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1203560049-0
                                                                                • Opcode ID: d981565e32c06465bb9ca9e6032df0ff87469bcd01ee0110978b6e45bf249536
                                                                                • Instruction ID: 9513d88208cc48fe5779ec3b13ade42fa65cac971845856c909c11195549b78d
                                                                                • Opcode Fuzzy Hash: d981565e32c06465bb9ca9e6032df0ff87469bcd01ee0110978b6e45bf249536
                                                                                • Instruction Fuzzy Hash: D8219272A18A8181EB10AF29E445129A361FBC87B4F914235EE9D47BD5DFBCD480C754
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Process$CurrentExitTerminate
                                                                                • String ID:
                                                                                • API String ID: 1703294689-0
                                                                                • Opcode ID: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                                                                • Instruction ID: 34fa1a76177bc484e7ceb40827a30424ff9d49a88a061f40e376fb1a602c2335
                                                                                • Opcode Fuzzy Hash: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                                                                • Instruction Fuzzy Hash: DDE04F24B0830946FB54BF3198A5379A352AF88761F525438D80E037A7CEBEA4998720
                                                                                APIs
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C105F895
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C105F89B
                                                                                  • Part of subcall function 00007FF7C1063EC8: FindClose.KERNELBASE(?,?,00000000,00007FF7C1070811), ref: 00007FF7C1063EFD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                                                • String ID:
                                                                                • API String ID: 3587649625-0
                                                                                • Opcode ID: 31de71ccb13629eb4e8ff473cf0e989b9a8a473b909947ada8621b483159802c
                                                                                • Instruction ID: b2c857765d82b90c66842d8431f85ffc36f1b97ff8da5980715b2b80678007c8
                                                                                • Opcode Fuzzy Hash: 31de71ccb13629eb4e8ff473cf0e989b9a8a473b909947ada8621b483159802c
                                                                                • Instruction Fuzzy Hash: 07919E72A18A9290FB10EF24D4542ADA361FB847A8FD14135EA5C07AE9DFBCD585C324
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 402f2d810e1efc6a759daaa5297bed4678b331cbcfb426b8061d29b6a9ebee63
                                                                                • Instruction ID: cf0691a1845a55e8c340fc37d6459a68598f7969f030f4069c82af37e0c586bb
                                                                                • Opcode Fuzzy Hash: 402f2d810e1efc6a759daaa5297bed4678b331cbcfb426b8061d29b6a9ebee63
                                                                                • Instruction Fuzzy Hash: EB41E862F18A5584FB00EFB1D4502BDA320AF45BE4F955239DE1D2BADACEB8D4C1C314
                                                                                APIs
                                                                                • SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF7C106274D), ref: 00007FF7C10628A9
                                                                                • GetLastError.KERNEL32(?,00007FF7C106274D), ref: 00007FF7C10628B8
                                                                                Similarity
                                                                                • API ID: ErrorFileLastPointer
                                                                                • String ID:
                                                                                • API String ID: 2976181284-0
                                                                                • Opcode ID: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                                                • Instruction ID: 398cac63431f453ba126f5b6605da7dd6b9e02a8bd07b35c4fbff003c6209a57
                                                                                • Opcode Fuzzy Hash: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                                                • Instruction Fuzzy Hash: 6131C722B1A65686EB606F2AD9406F9B350AF44BF4F960131EE1D07790DFBCD4C58760
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Item_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1746051919-0
                                                                                • Opcode ID: 8763c555b957396376e96df864685bb2527d49eefc22d4d720e740779d29c564
                                                                                • Instruction ID: 7054aa0eabd1afbbd9f2b89c8558ea0ae346c76c76b8cf8a3400f0d99e9d1845
                                                                                • Opcode Fuzzy Hash: 8763c555b957396376e96df864685bb2527d49eefc22d4d720e740779d29c564
                                                                                • Instruction Fuzzy Hash: BD31AF22A18B8582EB10AF15E45536EF360EF847A0F858235EB9C07B96DFBCE5D0C714
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: File$BuffersFlushTime
                                                                                • String ID:
                                                                                • API String ID: 1392018926-0
                                                                                • Opcode ID: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                                                • Instruction ID: bbaa787a616606c50533d24ed54629e1f67239ab1b8259c33ba5145cf29242ae
                                                                                • Opcode Fuzzy Hash: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                                                • Instruction Fuzzy Hash: 5A21E222F09B4691EB62AF11D4143FAA790EF017A4F965031DE4C06295EEBCD5D6C210
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: LoadString
                                                                                • String ID:
                                                                                • API String ID: 2948472770-0
                                                                                • Opcode ID: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                                                • Instruction ID: 8714464014896638a0c42b94a84c01003e45de96bf7b67cdcfe630ef2d40c1c8
                                                                                • Opcode Fuzzy Hash: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                                                • Instruction Fuzzy Hash: 5D116071B0874189EB00EF16A841269F7A1BB99FE0F954535CE0DA3725DFBCE5818358
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorFileLastPointer
                                                                                • String ID:
                                                                                • API String ID: 2976181284-0
                                                                                • Opcode ID: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                                                                • Instruction ID: 8be71a7e29e1bcb9e1aafdccd08d4c0059990eb0b06ea31cf3ab57f4cf41c4eb
                                                                                • Opcode Fuzzy Hash: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                                                                • Instruction Fuzzy Hash: C9119021B1864581EB60EF25E8412A9B360FB44BB4F954331DE6D122D8CFBCE5D6C310
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ItemRectTextWindow$Clientswprintf
                                                                                • String ID:
                                                                                • API String ID: 3322643685-0
                                                                                • Opcode ID: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                                • Instruction ID: 1264bc46a3311ebfb3f5107c67813717035edabc70458e99f1fb5b526cc8c2e1
                                                                                • Opcode Fuzzy Hash: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                                • Instruction Fuzzy Hash: FB012510A0D64A81FF59BF51A464379E751AF85768F894035DC4E063D9DEBCE5C4C324
                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7C106EBAD,?,?,?,?,00007FF7C1065752,?,?,?,00007FF7C10656DE), ref: 00007FF7C106EB5C
                                                                                • GetProcessAffinityMask.KERNEL32 ref: 00007FF7C106EB6F
                                                                                Similarity
                                                                                • API ID: Process$AffinityCurrentMask
                                                                                • String ID:
                                                                                • API String ID: 1231390398-0
                                                                                • Opcode ID: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                                • Instruction ID: 9c7fe7ac0cd1d770c8853f7e5b893ea0ad8977740994c446ffa0337e843a8be3
                                                                                • Opcode Fuzzy Hash: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                                • Instruction Fuzzy Hash: 1CE02B61F2464A42DF48DF55D4504EAB392BFC8B50FC59036E60B83714DE2CE1958B10
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                • String ID:
                                                                                • API String ID: 1173176844-0
                                                                                • Opcode ID: c507040392a2377e4895e65205c3b95c5fe2146e3485fc393c80d7c2ffdcaf26
                                                                                • Instruction ID: 7f882e5a6c8e6b9656b98a6298e28461230447e7db03cef886e695fbf9be8ea1
                                                                                • Opcode Fuzzy Hash: c507040392a2377e4895e65205c3b95c5fe2146e3485fc393c80d7c2ffdcaf26
                                                                                • Instruction Fuzzy Hash: 0AE0EC44E0D10745FF287A6518261B480408F39370EEA1730DE3E04ED3ADACA4D1C330
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorFreeHeapLast
                                                                                • String ID:
                                                                                • API String ID: 485612231-0
                                                                                • Opcode ID: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                                • Instruction ID: 5d5e02465d7c63603286eacc0caba6b1ae4efa8f52d7fcb8e15d91fe383f8178
                                                                                • Opcode Fuzzy Hash: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                                • Instruction Fuzzy Hash: 01E08C60E0D50742FF08BFB298152B8A3D2AF98B74F860135C90D86752EEBCA4D2C330
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: af39ee99099a55e795e80951e1502b6695bf377bb292aa42fe2ae5656993095e
                                                                                • Instruction ID: 0495a7bd652baf33128cbc00769b69df2fbb5825e807bb57a0fe7c398d5a9eb7
                                                                                • Opcode Fuzzy Hash: af39ee99099a55e795e80951e1502b6695bf377bb292aa42fe2ae5656993095e
                                                                                • Instruction Fuzzy Hash: E8D1EE72B08A8951EF289F2585542B9F7A1FB05BE4F858039CB1D0B7A5CF78E4E18324
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1017591355-0
                                                                                • Opcode ID: fa91c3799828e3c7186940546e344b2356dc381c1e63a9425ea543ecc2eeea66
                                                                                • Instruction ID: fe8d954c75067f01b0d108a137df8f0cd4eaef0436bd5f7478f63c598020aa13
                                                                                • Opcode Fuzzy Hash: fa91c3799828e3c7186940546e344b2356dc381c1e63a9425ea543ecc2eeea66
                                                                                • Instruction Fuzzy Hash: 4861BF11F1C657C1FB64BE25981527AE291AF45BF8F968131EE4D06AC6EEFCE4C18230
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7C106E948: ReleaseSemaphore.KERNEL32 ref: 00007FF7C106E974
                                                                                  • Part of subcall function 00007FF7C106E948: CloseHandle.KERNELBASE ref: 00007FF7C106E993
                                                                                  • Part of subcall function 00007FF7C106E948: DeleteCriticalSection.KERNEL32 ref: 00007FF7C106E9AA
                                                                                  • Part of subcall function 00007FF7C106E948: CloseHandle.KERNEL32 ref: 00007FF7C106E9B7
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C1071ACB
                                                                                Similarity
                                                                                • API ID: CloseHandle$CriticalDeleteReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 904680172-0
                                                                                • Opcode ID: f81b05313dfd5b5a73717daa6d384c08c9459244a7d30a6ec5ae517113eafb45
                                                                                • Instruction ID: 111bf2ed3f679bdc8b8380f9dfba55858f0084eda8301daced63821e6fe7d6e8
                                                                                • Opcode Fuzzy Hash: f81b05313dfd5b5a73717daa6d384c08c9459244a7d30a6ec5ae517113eafb45
                                                                                • Instruction Fuzzy Hash: 8D618F62B19A85A2EF08EF65D5540BCB365FF41BA0B954132DB2D07AC2CFB8E4E18350
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: d7b1a399856acf99fdb305a598bd345408e38bb8b7611d952776f17d246575aa
                                                                                • Instruction ID: 8243b92c19620a52de58e63b336c5c28425d85835b921016743dc9ad025a7646
                                                                                • Opcode Fuzzy Hash: d7b1a399856acf99fdb305a598bd345408e38bb8b7611d952776f17d246575aa
                                                                                • Instruction Fuzzy Hash: 8251BE62A1CA8280FB14BF2594543A9E751EB86BE4F854136EE8D07396CEBDE4C5C324
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7C1063EC8: FindClose.KERNELBASE(?,?,00000000,00007FF7C1070811), ref: 00007FF7C1063EFD
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C105E993
                                                                                Similarity
                                                                                • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1011579015-0
                                                                                • Opcode ID: e982e273b1865209a75a3cfd535ad9023e3388265a11ab7418cbf5dec2d39955
                                                                                • Instruction ID: 235bec995d85f43a93b8e72b23a4313d9b87d654a63b83aac70c94bf0242e9a6
                                                                                • Opcode Fuzzy Hash: e982e273b1865209a75a3cfd535ad9023e3388265a11ab7418cbf5dec2d39955
                                                                                • Instruction Fuzzy Hash: D3515122A1CA8681FB60EF25D45537DE361FF84BA4F850136EA8D077A5DFACE481C724
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 60c8fe66f84878668f1e37175277eb608c06b9d2d44befc405cc34de4c74e42f
                                                                                • Instruction ID: 88b4f2a2229036866e3155aea41effad4e70c3cbec0b256888a476c8ae908c1f
                                                                                • Opcode Fuzzy Hash: 60c8fe66f84878668f1e37175277eb608c06b9d2d44befc405cc34de4c74e42f
                                                                                • Instruction Fuzzy Hash: 09410662B18B8142EB14AE17AA00379E291FB85FD0F858436EE4C07F4ADFBCD4D18300
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 71211bdb8fcfb718bc8c1f80de60d6f389c440e1fadeaa63cd7f355b18b082f6
                                                                                • Instruction ID: 69b3dc233029cbf947552f6608c70cddeee58febc346557ba015e43b1022e453
                                                                                • Opcode Fuzzy Hash: 71211bdb8fcfb718bc8c1f80de60d6f389c440e1fadeaa63cd7f355b18b082f6
                                                                                • Instruction Fuzzy Hash: D041F762B08B0180FF10AF15E555379A361EB45BE4F955138EE4D0B799CFBDE4C48360
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                                • String ID:
                                                                                • API String ID: 3947729631-0
                                                                                • Opcode ID: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                • Instruction ID: 07bbaba0bef0bbd12276d46d9e049adbf9e308b34dd71008cf42b1d4759b6ef8
                                                                                • Opcode Fuzzy Hash: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                • Instruction Fuzzy Hash: 96419D21A1C60286FB24FF149450278A7A1FF65B60FC64437DA0D47AE2DEBDE8C1C760
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                • String ID:
                                                                                • API String ID: 680105476-0
                                                                                • Opcode ID: 8615e64c65e08c4765cb9fe696173ca1d24e70e0804716bd186f62c3c2783a0a
                                                                                • Instruction ID: f09fc62fe0dfd6589da7b969409819d8d2b8d13fc197c0cb209dc13f11b0e758
                                                                                • Opcode Fuzzy Hash: 8615e64c65e08c4765cb9fe696173ca1d24e70e0804716bd186f62c3c2783a0a
                                                                                • Instruction Fuzzy Hash: 6B219722A08B5185EB146F51A420279A250FB45BF0F954730DE7D47BD3DEFCE4D18358
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                • Opcode ID: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
                                                                                • Instruction ID: 2c2ed981d51d6e3a259bfe70041d42db52b7e9136ca545b79bd1100424f19223
                                                                                • Opcode Fuzzy Hash: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
                                                                                • Instruction Fuzzy Hash: 32114C72E1C74286F710BF50A450639E3A4FB423B0FD60175EA8D87A96DFBCE4A08764
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7C107F0A4: GetDlgItem.USER32 ref: 00007FF7C107F0E3
                                                                                  • Part of subcall function 00007FF7C107F0A4: ShowWindow.USER32 ref: 00007FF7C107F109
                                                                                  • Part of subcall function 00007FF7C107F0A4: SendMessageW.USER32 ref: 00007FF7C107F11E
                                                                                  • Part of subcall function 00007FF7C107F0A4: SendMessageW.USER32 ref: 00007FF7C107F136
                                                                                  • Part of subcall function 00007FF7C107F0A4: SendMessageW.USER32 ref: 00007FF7C107F157
                                                                                  • Part of subcall function 00007FF7C107F0A4: SendMessageW.USER32 ref: 00007FF7C107F173
                                                                                  • Part of subcall function 00007FF7C107F0A4: SendMessageW.USER32 ref: 00007FF7C107F1B6
                                                                                  • Part of subcall function 00007FF7C107F0A4: SendMessageW.USER32 ref: 00007FF7C107F1D4
                                                                                  • Part of subcall function 00007FF7C107F0A4: SendMessageW.USER32 ref: 00007FF7C107F1E8
                                                                                  • Part of subcall function 00007FF7C107F0A4: SendMessageW.USER32 ref: 00007FF7C107F212
                                                                                  • Part of subcall function 00007FF7C107F0A4: SendMessageW.USER32 ref: 00007FF7C107F22A
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C107FD03
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                 • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                 • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                 • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                 • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                 • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                 • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: MessageSend$ItemShowWindow_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1587882848-0
                                                                                • Opcode ID: 98356bcfc0f9eb0b54ad4562f3e8dfcdedede25df190cb48db04b7e24fbe0ebe
                                                                                • Instruction ID: 07a5fb1a1f662b4729bf23a083bfc166e9b4eaf7855781f9c3c695cf32179c14
                                                                                • Opcode Fuzzy Hash: 98356bcfc0f9eb0b54ad4562f3e8dfcdedede25df190cb48db04b7e24fbe0ebe
                                                                                • Instruction Fuzzy Hash: AC01C862A2868541FB10BF24D44537DA351EF897A4F910331EAAC06BDADFACE0C0C714
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: dd833eb704b03c62a36fea145c0b0b4abee32047d89ef2e694e61e0216d7ee09
                                                                                • Instruction ID: dc618f5a690fa452cb9fb6a8990fefcb65079d24bb8dacd375369615acc7232f
                                                                                • Opcode Fuzzy Hash: dd833eb704b03c62a36fea145c0b0b4abee32047d89ef2e694e61e0216d7ee09
                                                                                • Instruction Fuzzy Hash: 6E01C8A2E1CA8941FB11AF24E451229B361FB857B0FC19235E79C0BBA5DFACD1808714
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7C1081604: GetModuleHandleW.KERNEL32(?,?,?,00007FF7C1081573,?,?,?,00007FF7C108192A), ref: 00007FF7C108162B
                                                                                • DloadProtectSection.DELAYIMP ref: 00007FF7C10815C9
                                                                                Similarity
                                                                                • API ID: DloadHandleModuleProtectSection
                                                                                • String ID:
                                                                                • API String ID: 2883838935-0
                                                                                • Opcode ID: 908f49ac33541a8240f4269ada82e733cc5c0c647bda27ab8868a2cee9a60ef3
                                                                                • Instruction ID: 8315df65d6eebe9b13fb97a503c224f4783d09caa1cdb49506e0feec20fc505e
                                                                                • Opcode Fuzzy Hash: 908f49ac33541a8240f4269ada82e733cc5c0c647bda27ab8868a2cee9a60ef3
                                                                                • Instruction Fuzzy Hash: 6211A860D0C60685FB60FF05A8543B0B350BF19368F9A0036C90D467BAEEBCA5E58730
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7C10640BC: FindFirstFileW.KERNELBASE ref: 00007FF7C106410B
                                                                                  • Part of subcall function 00007FF7C10640BC: FindFirstFileW.KERNEL32 ref: 00007FF7C106415E
                                                                                  • Part of subcall function 00007FF7C10640BC: GetLastError.KERNEL32 ref: 00007FF7C10641AF
                                                                                • FindClose.KERNELBASE(?,?,00000000,00007FF7C1070811), ref: 00007FF7C1063EFD
                                                                                Similarity
                                                                                • API ID: Find$FileFirst$CloseErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1464966427-0
                                                                                • Opcode ID: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                • Instruction ID: 2526d3125d880ffa0a44c4e0b1963f5c8e68570da00c815b2a341747139e7c2a
                                                                                • Opcode Fuzzy Hash: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                • Instruction Fuzzy Hash: 11F0A46260824185EB50BFB5A100179B7609B15BB4F569339EE7D0B3C7CE68D4D4C7A4
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: File
                                                                                • String ID:
                                                                                • API String ID: 749574446-0
                                                                                • Opcode ID: 182d9e1e92039184aab4081fafd09b1cf385b4bd914a3c272b872952a66d9790
                                                                                • Instruction ID: 3ec32c7afc8d2fe2304cfa332f17f656f656ab7660bd69e955f1ab7b0cb91ac5
                                                                                • Opcode Fuzzy Hash: 182d9e1e92039184aab4081fafd09b1cf385b4bd914a3c272b872952a66d9790
                                                                                • Instruction Fuzzy Hash: 14E08C12B2461982EB24BF2AC856A68A320BF88B94F891031CE0C07321CF2DC4E58A10
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: FileType
                                                                                • String ID:
                                                                                • API String ID: 3081899298-0
                                                                                • Opcode ID: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                                • Instruction ID: fd8e6b0fa410cfd9d0a51af213457e7fa7e0395b3550e911bb09b02504795df8
                                                                                • Opcode Fuzzy Hash: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                                • Instruction Fuzzy Hash: 15D01212E0944182DF50AB369C5207C7360AF92735FE50731DA3E816E1CE5DE4D6A321
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CurrentDirectory
                                                                                • String ID:
                                                                                • API String ID: 1611563598-0
                                                                                • Opcode ID: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                                                • Instruction ID: 250a372055187fb6ec3a54d3f2c6556624c9489e9ba60f23b2aae37b29742aa2
                                                                                • Opcode Fuzzy Hash: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                                                • Instruction Fuzzy Hash: 5CC08C20F05502C1DB18AF26C8CA01813A4BB80B15FA24035D60C81220CE2DC4FA9355
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: AllocHeap
                                                                                • String ID:
                                                                                • API String ID: 4292702814-0
                                                                                • Opcode ID: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                                                • Instruction ID: b77e34efcbcfca6c7989c734149328e80190723872e512bccf5d4e6832b7c450
                                                                                • Opcode Fuzzy Hash: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                                                • Instruction Fuzzy Hash: B4F03794B0D20745FF54BE7199213B4D294EF58BB0F8E5470C90E8AB82EEACE6C18330
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: AllocHeap
                                                                                • String ID:
                                                                                • API String ID: 4292702814-0
                                                                                • Opcode ID: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                                • Instruction ID: 2fbb5bb11907075d021943ebf2684def1582d121478fbe4b70f7ca1a4a9a3fcf
                                                                                • Opcode Fuzzy Hash: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                                • Instruction Fuzzy Hash: 83F05850B0D20754FF647EB158203B49A91EF847B0F8A1734DDAE86AC2DEACA4C1C330
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CloseHandle
                                                                                • String ID:
                                                                                • API String ID: 2962429428-0
                                                                                • Opcode ID: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                • Instruction ID: 630c67a48ea519f52e1cc2bdb5fdb4cbf611eed39fb503d13931d0a3e9177784
                                                                                • Opcode Fuzzy Hash: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                • Instruction Fuzzy Hash: 53F0AF22B09686C5FB249F20E0413B9B661EB24B78F8A4335EB3C091D4DFA8D9D58320
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastwcscpy$ControlCreateCurrentDeleteDeviceDirectoryProcessRemove
                                                                                • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                • API String ID: 2659423929-3508440684
                                                                                • Opcode ID: 133043678a36d966ba880c912d6856c5696a7c6c433e50d223eb52f27bd95b56
                                                                                • Instruction ID: 0bd5df77b3b93ffc6bec1d9a36a9531e3bdd3ee4a6875f327396f5eb1f4a210d
                                                                                • Opcode Fuzzy Hash: 133043678a36d966ba880c912d6856c5696a7c6c433e50d223eb52f27bd95b56
                                                                                • Instruction Fuzzy Hash: 7862C262F08A4285FB00EF74D4542BDA365EB857B8F914232DA6C57ADADFB8E1C4C314
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
                                                                                • String ID: %ls$%s: %s
                                                                                • API String ID: 2539828978-2259941744
                                                                                • Opcode ID: 945c123c5738f6103966ecffbffa27c83b3bf35cf43ea0aac1725ee40d95c140
                                                                                • Instruction ID: d3053eca41186dcc8ad890ddd57304816eee4cd020160a0b3f093e1ac87075df
                                                                                • Opcode Fuzzy Hash: 945c123c5738f6103966ecffbffa27c83b3bf35cf43ea0aac1725ee40d95c140
                                                                                • Instruction Fuzzy Hash: D7B28362A5868281EB14BF25D4541BEE311FF967E0F914336EA9D03AEADFACD1C0C350
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfomemcpy_s
                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                • API String ID: 1759834784-2761157908
                                                                                • Opcode ID: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
                                                                                • Instruction ID: b084c6fee5eb095157f66033006e0c43abb5aa7ba9d38593381a49defdd11421
                                                                                • Opcode Fuzzy Hash: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
                                                                                • Instruction Fuzzy Hash: BEB23B72E081828BE725EE75D4607FDB7A1FB443A8F855139DA0A5BB84CF78E584CB10
                                                                                Similarity
                                                                                • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
                                                                                • String ID: rtmp
                                                                                • API String ID: 3587137053-870060881
                                                                                • Opcode ID: 3dcc5890c2e22e4a5feb2ae31f1f4ae3f3b67a4ee4a7a529d594af89e49fc87b
                                                                                • Instruction ID: e97726a3beb2328609bc534638bbe1db05362b28898cc1db80d5da352f3903a2
                                                                                • Opcode Fuzzy Hash: 3dcc5890c2e22e4a5feb2ae31f1f4ae3f3b67a4ee4a7a529d594af89e49fc87b
                                                                                • Instruction Fuzzy Hash: 06F1C122B08A4291EB10EF65D8901BDA761FBD63E4F911132EE4D43AAADFBCD5C4C750
                                                                                Similarity
                                                                                • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1693479884-0
                                                                                • Opcode ID: 35b10314ce3b8e4c64707b679fc70269f3b9094245ec8e91ba41ccecbc270bb7
                                                                                • Instruction ID: e8704192fddf784fca1af07fbda4df9d7acde73a742fd84432c828c235245d9e
                                                                                • Opcode Fuzzy Hash: 35b10314ce3b8e4c64707b679fc70269f3b9094245ec8e91ba41ccecbc270bb7
                                                                                • Instruction Fuzzy Hash: 0CA1B062F15A5684FF00AF7988441BDA321AB85BF4B955231DE6D17BC9DEBCE0C18310
                                                                                Similarity
                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                • String ID:
                                                                                • API String ID: 3140674995-0
                                                                                • Opcode ID: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
                                                                                • Instruction ID: 8de638be051c47142a3f7c86d65d11822caebec7f942c52aaa640a005bb352f7
                                                                                • Opcode Fuzzy Hash: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
                                                                                • Instruction Fuzzy Hash: 94316372608B859AEB609F60E8503EDB370FB84754F85843ADA4D47B98DF7CD598C720
                                                                                Similarity
                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                • String ID:
                                                                                • API String ID: 1239891234-0
                                                                                • Opcode ID: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
                                                                                • Instruction ID: f26909efd07354abf0b3a20dc7b49804813ada6604d8043537eccbecd32a2dab
                                                                                • Opcode Fuzzy Hash: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
                                                                                • Instruction Fuzzy Hash: AF31A532618F8185EB20DF25E8502AEB3A0FB84764F954136EA8D43B99DF7CC195CB10
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: c264b490cac148f64dd39c131735208f64494c1dc21ecf378d5d3bcbd534f5da
                                                                                • Instruction ID: 897321915559c704d61bcded3599210062f25eb1d35259d29b964ac72f55ab12
                                                                                • Opcode Fuzzy Hash: c264b490cac148f64dd39c131735208f64494c1dc21ecf378d5d3bcbd534f5da
                                                                                • Instruction Fuzzy Hash: 7BB1E222B18B8685EB10BF25D8502EDA361FF867E4F815231EA4D03B9ADFBCD580C314
                                                                                APIs
                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7C108FAC4
                                                                                  • Part of subcall function 00007FF7C1087934: GetCurrentProcess.KERNEL32(00007FF7C1090CCD), ref: 00007FF7C1087961
                                                                                Similarity
                                                                                • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                • String ID: *?$.
                                                                                • API String ID: 2518042432-3972193922
                                                                                • Opcode ID: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
                                                                                • Instruction ID: 2ecb19cdfb7e93cfdadcaed44108cc73d67ddd0fcb1895a47a7e575683fc353e
                                                                                • Opcode Fuzzy Hash: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
                                                                                • Instruction Fuzzy Hash: 6051E662B18B9941FF10EFB295100B9A7A4FB48BE8B864535DE5D17F85DEBCD4828320
                                                                                Similarity
                                                                                • API ID: memcpy_s
                                                                                • String ID:
                                                                                • API String ID: 1502251526-0
                                                                                • Opcode ID: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                • Instruction ID: b6d4cd670d7f6cf0df113c15b0a1a48b2b5210b3b6b0e6b96c8ce35d65209e83
                                                                                • Opcode Fuzzy Hash: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                • Instruction Fuzzy Hash: C9D1D032B1828687DB34DF15E1947AAF7A1FB987A4F858134DB4E57B44DA3CE881CB00
                                                                                Similarity
                                                                                • API ID: ErrorFormatFreeLastLocalMessage
                                                                                • String ID:
                                                                                • API String ID: 1365068426-0
                                                                                • Opcode ID: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
                                                                                • Instruction ID: dc642c587425dc4eaf765467fbe2d8fc7f909a21fa08f7261b5fd69c0c7a8767
                                                                                • Opcode Fuzzy Hash: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
                                                                                • Instruction Fuzzy Hash: 0401627160CB4682EB50AF22B86017AE392FB89BD0F894035EA8D47B49CF7CE594C714
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: .
                                                                                • API String ID: 0-248832578
                                                                                • Opcode ID: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
                                                                                • Instruction ID: 6f05abe54eb1eb70d1cedb25c9407ee29b506fa143a382dc1c186120652dff46
                                                                                • Opcode Fuzzy Hash: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
                                                                                • Instruction Fuzzy Hash: C831E822B0CA9545F720AE3698057A9EB91EB94FF4F958235DE6C47FC5CEBCD5418300
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ExceptionRaise_clrfp
                                                                                • String ID:
                                                                                • API String ID: 15204871-0
                                                                                • Opcode ID: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
                                                                                • Instruction ID: c29c5943d4d2492269ed24aa8eed7af6d012c5f23619a35b17f59960e5a005ca
                                                                                • Opcode Fuzzy Hash: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
                                                                                • Instruction Fuzzy Hash: 83B17B73601B88CBEB15DF2AC85636C7BA0F744B58F168932DA5D837A4CB79D492C710
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ObjectRelease$CapsDevice
                                                                                • String ID:
                                                                                • API String ID: 1061551593-0
                                                                                • Opcode ID: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
                                                                                • Instruction ID: c3524f5ed728ada5c526f28f2a0329082c54ab140bf7b6b0ee3461c092b9bc0f
                                                                                • Opcode Fuzzy Hash: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
                                                                                • Instruction Fuzzy Hash: 39816C32B18A0586EB20DF6AD4546ACB771FB88BA8F414132DE0D57B28DF78D199C390
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: FormatInfoLocaleNumber
                                                                                • String ID:
                                                                                • API String ID: 2169056816-0
                                                                                • Opcode ID: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
                                                                                • Instruction ID: c189a02a7df0239229753c8b18ac82e1fc94220d12f368bf7baa5e702875f8ab
                                                                                • Opcode Fuzzy Hash: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
                                                                                • Instruction Fuzzy Hash: D1115C22A08B8595E761EF21E4103E9B360FF88B94FC68135DA4D03764EF7CD185C765
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7C10624C0: CreateFileW.KERNELBASE ref: 00007FF7C106259B
                                                                                  • Part of subcall function 00007FF7C10624C0: GetLastError.KERNEL32 ref: 00007FF7C10625AE
                                                                                  • Part of subcall function 00007FF7C10624C0: CreateFileW.KERNEL32 ref: 00007FF7C106260E
                                                                                  • Part of subcall function 00007FF7C10624C0: GetLastError.KERNEL32 ref: 00007FF7C1062617
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C10615D0
                                                                                  • Part of subcall function 00007FF7C1063980: MoveFileW.KERNEL32 ref: 00007FF7C10639BD
                                                                                  • Part of subcall function 00007FF7C1063980: MoveFileW.KERNEL32 ref: 00007FF7C1063A34
                                                                                Similarity
                                                                                • API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 34527147-0
                                                                                • Opcode ID: 980cd56be866766a23a9553c8d4159ccf1d73d98ddfd7d5c2418f08c88695bde
                                                                                • Instruction ID: 810ca1005b10e3ce020c6104a029c671f43a9e5e83be564bcc34fe555f60e59a
                                                                                • Opcode Fuzzy Hash: 980cd56be866766a23a9553c8d4159ccf1d73d98ddfd7d5c2418f08c88695bde
                                                                                • Instruction Fuzzy Hash: 5891C122B18A4682EB10EF62D4542BDA361FF95BD4F864032EE0E47B96DFBCD585C350
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Version
                                                                                • String ID:
                                                                                • API String ID: 1889659487-0
                                                                                • Opcode ID: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
                                                                                • Instruction ID: 59be10d50a7d601f104176d82893dbc04fdaebb32560f21d070b6ecb83291f87
                                                                                • Opcode Fuzzy Hash: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
                                                                                • Instruction Fuzzy Hash: C901D771A08543CAF764EF10E85177AB2A1FB98364F920235EA5D46794DBBCF4858A20
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: 0
                                                                                • API String ID: 3215553584-4108050209
                                                                                • Opcode ID: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                                • Instruction ID: b59cf4390ff7a6ec2d5aa190274e77b91b66dc9e15cf1ccd71f65078ac54195c
                                                                                • Opcode Fuzzy Hash: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                                • Instruction Fuzzy Hash: 06810322A1C64242FBA8BE15804067DA390FF50764F961933DD099BF99CFBDE8D1C361
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: 0
                                                                                • API String ID: 3215553584-4108050209
                                                                                • Opcode ID: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
                                                                                • Instruction ID: c68bd0c1fe980a5db43b898a0adb3f94e7e2ad2be49b0d95e52865df4ab7b02b
                                                                                • Opcode Fuzzy Hash: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
                                                                                • Instruction Fuzzy Hash: DE712821A0C68346FB68AE18804027DE790FF81774F965533CD0997ED6CEADE8D6C761
                                                                                Strings
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: gj
                                                                                • API String ID: 0-4203073231
                                                                                • Opcode ID: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
                                                                                • Instruction ID: 970f02edb068e3c6201183e0eb3ef2587c148af11111a29c112acedb0c85fb24
                                                                                • Opcode Fuzzy Hash: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
                                                                                • Instruction Fuzzy Hash: 70517F377286908BD764CF25E404A9AB3A5F388798F455126EF4A93F09CB39E945CF40
                                                                                Strings
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @
                                                                                • API String ID: 0-2766056989
                                                                                • Opcode ID: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                                                • Instruction ID: 3288b3d5eb21ff6ec99fe30f2cf1b6f46f575e6b32138ed9a00d9b7eafb3c6cd
                                                                                • Opcode Fuzzy Hash: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                                                • Instruction Fuzzy Hash: 8941DF62718A4486FB04EF2AD5182A9B7A1E758FE0B8A9036DF4D87B54DE7CD481C310
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: HeapProcess
                                                                                • String ID:
                                                                                • API String ID: 54951025-0
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID:
                                                                                • API String ID: 190572456-0
                                                                                • Opcode ID: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                                                                • Instruction ID: b01ce7718e2019977cd331344c0f68d1a22af78faf9f94bf2f651270de65518f
                                                                                • Opcode Fuzzy Hash: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                                                                • Instruction Fuzzy Hash: FB915463B1898196EB11EF29D4512FDA720FF95798F851031EF4E07B4AEEB8D686C310
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
                                                                                • Instruction ID: d8562d4d244e2676b1c32a89cab764133438e10940770e11c3e3b55431f2434c
                                                                                • Opcode Fuzzy Hash: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
                                                                                • Instruction Fuzzy Hash: 556144A3B081D149EB11DF7585004FDBFB1EB09794B8A8032DF9A57646DABCE586CB20
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
                                                                                • Instruction ID: 4c9e2a1ef637f201b81473764dc56d604e219c4e0acbbaeb7ef41adf975be675
                                                                                • Opcode Fuzzy Hash: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
                                                                                • Instruction Fuzzy Hash: 05512473B181915BE7289F28D0047BDB752F780B68F868134DB4947A89DF7DE581CB50
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
                                                                                • API String ID: 3668304517-727060406
                                                                                Similarity
                                                                                • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                • API String ID: 2565136772-3242537097
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                • String ID: DXGIDebug.dll$UNC$\\?\
                                                                                • API String ID: 4097890229-4048004291
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
                                                                                • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                                                • API String ID: 431506467-1315819833
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Global$AllocCreateStream
                                                                                • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                • API String ID: 2868844859-1533471033
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                • API String ID: 3215553584-2617248754
                                                                                Similarity
                                                                                • API ID: Window$MessageObjectSend$ClassDeleteLongName
                                                                                • String ID: STATIC
                                                                                • API String ID: 2845197485-1882779555
                                                                                Similarity
                                                                                • API ID: ItemTextWindow
                                                                                • String ID: LICENSEDLG
                                                                                • API String ID: 2478532303-2177901306
                                                                                Similarity
                                                                                • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                                                • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                                • API String ID: 2915667086-2207617598
                                                                                • Opcode ID: d2e93635ec338890dfe438c4789fcaf7e26687fbfe6c7ce53d5981307f2d6baa
                                                                                • Instruction ID: 9aad634ee8fa139dac419a4eb87a4575bd095af8540cd8f779f1f08da0f6e79b
                                                                                • Opcode Fuzzy Hash: d2e93635ec338890dfe438c4789fcaf7e26687fbfe6c7ce53d5981307f2d6baa
                                                                                • Instruction Fuzzy Hash: 90314AA0B09B0680FB14EF12A864679A7A1BF44BB1F871136CD4E033A4DEBCE5C58324
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: $
                                                                                • API String ID: 3668304517-227171996
                                                                                • Opcode ID: 7957b1f7c23d8b99e8b957fd2374c8a83d1170bc9397b993806739df2f8497c6
                                                                                • Instruction ID: ed1acd3075c0768eef69ab974ff4b6ec1332c2abbbe59fecda4e5bf5faa5da17
                                                                                • Opcode Fuzzy Hash: 7957b1f7c23d8b99e8b957fd2374c8a83d1170bc9397b993806739df2f8497c6
                                                                                • Instruction Fuzzy Hash: 36F1AE62F14A4680EF00AF65D4441BCA361BB44BB8F925632CA5D17BD9DFBCE4E0C3A4
                                                                                Similarity
                                                                                • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                                • String ID: csm$csm$csm
                                                                                • API String ID: 2940173790-393685449
                                                                                • Opcode ID: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
                                                                                • Instruction ID: 084d18f566a240bf2497c6d25656026b4d7d5461410fbc80f4df9196af3b0895
                                                                                • Opcode Fuzzy Hash: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
                                                                                • Instruction Fuzzy Hash: B2E1907290CB82CAF710AF24D4803ADB7A0FB45768F964235DA8D47A96DF78E4C5CB10
                                                                                Similarity
                                                                                • API ID: AllocClearStringVariant
                                                                                • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                • API String ID: 1959693985-3505469590
                                                                                • Opcode ID: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
                                                                                • Instruction ID: c41b73ac71b6edb19a41cc6e87fd12243beb956d7b9da0625300a4a0def6b0c1
                                                                                • Opcode Fuzzy Hash: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
                                                                                • Instruction Fuzzy Hash: F9712B36B14A05C5EB10EF25D8906A9B7B0FB88BA8F865132EE4E47B64CF78D194C310
                                                                                APIs
                                                                                • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7C10874F3,?,?,?,00007FF7C108525E,?,?,?,00007FF7C1085219), ref: 00007FF7C1087371
                                                                                • GetLastError.KERNEL32(?,?,00000000,00007FF7C10874F3,?,?,?,00007FF7C108525E,?,?,?,00007FF7C1085219), ref: 00007FF7C108737F
                                                                                • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7C10874F3,?,?,?,00007FF7C108525E,?,?,?,00007FF7C1085219), ref: 00007FF7C10873A9
                                                                                • FreeLibrary.KERNEL32(?,?,00000000,00007FF7C10874F3,?,?,?,00007FF7C108525E,?,?,?,00007FF7C1085219), ref: 00007FF7C10873EF
                                                                                • GetProcAddress.KERNEL32(?,?,00000000,00007FF7C10874F3,?,?,?,00007FF7C108525E,?,?,?,00007FF7C1085219), ref: 00007FF7C10873FB
                                                                                Similarity
                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                • String ID: api-ms-
                                                                                • API String ID: 2559590344-2084034818
                                                                                • Opcode ID: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                                                                • Instruction ID: e646be0ddd789811fab3690ba1bb5a505c634dd99a6bed3db029f8b7bd231966
                                                                                • Opcode Fuzzy Hash: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                                                                • Instruction Fuzzy Hash: ED31AE21A1EA4281FF11BF16A810679A294FF44BB1FDA4535DD1D46B98DFBCE0C08330
                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(?,?,?,00007FF7C1081573,?,?,?,00007FF7C108192A), ref: 00007FF7C108162B
                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF7C1081573,?,?,?,00007FF7C108192A), ref: 00007FF7C1081648
                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF7C1081573,?,?,?,00007FF7C108192A), ref: 00007FF7C1081664
                                                                                Similarity
                                                                                • API ID: AddressProc$HandleModule
                                                                                • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                • API String ID: 667068680-1718035505
                                                                                • Opcode ID: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                                                • Instruction ID: 48d1e62194c4e4b2525874bd3011c0250dc04bd1b8dd91c43f2fed15d6c67376
                                                                                • Opcode Fuzzy Hash: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                                                • Instruction Fuzzy Hash: 4A113020A1DB0285FF54AF00A550274A295AF4D7B8FCF4436C85D46B65EEFCA4E48730
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7C10651A4: GetVersionExW.KERNEL32 ref: 00007FF7C10651D5
                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7C1055AB4), ref: 00007FF7C106ED8C
                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7C1055AB4), ref: 00007FF7C106ED98
                                                                                • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7C1055AB4), ref: 00007FF7C106EDA8
                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7C1055AB4), ref: 00007FF7C106EDB6
                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7C1055AB4), ref: 00007FF7C106EDC4
                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7C1055AB4), ref: 00007FF7C106EE05
                                                                                Similarity
                                                                                • API ID: Time$File$System$Local$SpecificVersion
                                                                                • String ID:
                                                                                • API String ID: 2092733347-0
                                                                                • Opcode ID: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                                                • Instruction ID: d1528cf9acb097a97d307792f83bcf85d948551e844c736faeeb6be12a293e92
                                                                                • Opcode Fuzzy Hash: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                                                • Instruction Fuzzy Hash: E5519DB2B046518BEB04DFB8D8400AC77B1F748B98BA1403ADE0D57B58DF78E596CB10
                                                                                Similarity
                                                                                • API ID: Time$File$System$Local$SpecificVersion
                                                                                • String ID:
                                                                                • API String ID: 2092733347-0
                                                                                • Opcode ID: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                                                • Instruction ID: 09e3038843a9dd82d72889379e45f966e7fd77e5b6202106bd545898a0c0fac0
                                                                                • Opcode Fuzzy Hash: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                                                • Instruction Fuzzy Hash: A2314A62B14A51CDFB04DFB5D8901AC7770FB08758B95503AEE0D97A58EF78D495C310
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: .rar$exe$rar$sfx
                                                                                • API String ID: 3668304517-630704357
                                                                                • Opcode ID: 2fc35cbdd70ebaba8229e08f8487c40f3259a53efddd90ef8447a9b59f22dcea
                                                                                • Instruction ID: d081c097a42cabcef5ff0182548c4829ecad4f3485a5cbc750359eb9d874aaa6
                                                                                • Opcode Fuzzy Hash: 2fc35cbdd70ebaba8229e08f8487c40f3259a53efddd90ef8447a9b59f22dcea
                                                                                • Instruction Fuzzy Hash: 8DA1A222B18A0680EB04AF25D4552BCA361FF44BB8F865235DE5D076EADFBCE5D1C360
                                                                                Similarity
                                                                                • API ID: abort$CallEncodePointerTranslator
                                                                                • String ID: MOC$RCC
                                                                                • API String ID: 2889003569-2084237596
                                                                                • Opcode ID: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                                • Instruction ID: 83360c314f39bc32c38c90686f61915ab947d42a49714aab510b77815df85aec
                                                                                • Opcode Fuzzy Hash: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                                • Instruction Fuzzy Hash: 8491AE73A08B81CAE710EF64E8402ADBBA0FB047A8F514139EE4D17B59DF78D195CB10
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                • String ID: csm$f
                                                                                • API String ID: 2395640692-629598281
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
                                                                                • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                • API String ID: 2102711378-639343689
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Window$Show$Rect
                                                                                • String ID: RarHtmlClassName
                                                                                • API String ID: 2396740005-1658105358
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                                                                • String ID: sfxcmd$sfxpar
                                                                                • API String ID: 3540648995-3493335439
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                • API String ID: 0-56093855
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                • API String ID: 4061214504-1276376045
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2398171386-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                • String ID:
                                                                                • API String ID: 3659116390-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWide$AllocString
                                                                                • String ID:
                                                                                • API String ID: 262959230-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID:
                                                                                • API String ID: 190572456-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _set_statfp
                                                                                • String ID:
                                                                                • API String ID: 1156100317-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                                • String ID:
                                                                                • API String ID: 3621893840-0
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: __except_validate_context_recordabort
                                                                                • String ID: csm$csm
                                                                                • API String ID: 746414643-3733052814
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: $*
                                                                                • API String ID: 3215553584-3982473090
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWide$StringType
                                                                                • String ID: $%s
                                                                                • API String ID: 3586891840-3791308623
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                                                • String ID: csm
                                                                                • API String ID: 2466640111-1018135373
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                • String ID: U
                                                                                • API String ID: 2456169464-4171548499
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ObjectRelease
                                                                                • String ID:
                                                                                • API String ID: 1429681911-3916222277
                                                                                APIs
                                                                                • InitializeCriticalSection.KERNEL32(?,?,?,00007FF7C107317F,?,?,00001000,00007FF7C105E51D), ref: 00007FF7C106E8BB
                                                                                • CreateSemaphoreW.KERNEL32(?,?,?,00007FF7C107317F,?,?,00001000,00007FF7C105E51D), ref: 00007FF7C106E8CB
                                                                                • CreateEventW.KERNEL32(?,?,?,00007FF7C107317F,?,?,00001000,00007FF7C105E51D), ref: 00007FF7C106E8E4
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                • String ID: Thread pool initialization failed.
                                                                                • API String ID: 3340455307-2182114853
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CapsDeviceRelease
                                                                                • String ID:
                                                                                • API String ID: 127614599-3916222277
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$FileTime
                                                                                • String ID:
                                                                                • API String ID: 1137671866-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1452528299-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
                                                                                • String ID:
                                                                                • API String ID: 1077098981-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                • String ID:
                                                                                • API String ID: 4141327611-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: FileMove_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3823481717-0
                                                                                APIs
                                                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7C108C45B), ref: 00007FF7C1090B91
                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7C108C45B), ref: 00007FF7C1090BF3
                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7C108C45B), ref: 00007FF7C1090C2D
                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7C108C45B), ref: 00007FF7C1090C57
                                                                                Similarity
                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                • String ID:
                                                                                • API String ID: 1557788787-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorLast$abort
                                                                                • String ID:
                                                                                • API String ID: 1447195878-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CapsDevice$Release
                                                                                • String ID:
                                                                                • API String ID: 1035833867-0
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: DXGIDebug.dll
                                                                                • API String ID: 3668304517-540382549
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: e+000$gfff
                                                                                • API String ID: 3215553584-3030954782
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                                                • String ID: SIZE
                                                                                • API String ID: 449872665-3243624926
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                • String ID: C:\Users\user\Desktop\0442.pdf.exe
                                                                                • API String ID: 3307058713-1301555550
                                                                                • Opcode ID: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                                                • Instruction ID: a20f935fda567f7a5bc30326f55663ec81742f86dc44145e1916df811654121d
                                                                                • Opcode Fuzzy Hash: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                                                • Instruction Fuzzy Hash: 75417B72A0CA5686FB14FF25A5401F8A7A4EF447A4B864036E94E47B45DEBDE4C2C320
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: ItemText$DialogWindow
                                                                                • String ID: ASKNEXTVOL
                                                                                • API String ID: 445417207-3402441367
                                                                                • Opcode ID: 97ebd98f0834f70bd8f3ada112357d921bc9d5e9383391aa045354938bfaeae3
                                                                                • Instruction ID: 9e297180991674bf904096818863db79c834b00ccc0eb0ca3f45481008a1bcb4
                                                                                • Opcode Fuzzy Hash: 97ebd98f0834f70bd8f3ada112357d921bc9d5e9383391aa045354938bfaeae3
                                                                                • Instruction Fuzzy Hash: 34417362B08A4681FB10FF15E5512B9A3A1AF89BF4F964035DE4D17795CFBCE4C183A0
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWide_snwprintf
                                                                                • String ID: $%s$@%s
                                                                                • API String ID: 2650857296-834177443
                                                                                • Opcode ID: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                                                • Instruction ID: 04e559a9f93443b84069b1f350f2f28eeaef403ca527a627fb7a4c19bfa25dcf
                                                                                • Opcode Fuzzy Hash: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                                                • Instruction Fuzzy Hash: 1D31E7B2B18E4689EB10EF26E4402E9A3A0FB447A4F810032EE0C07B55DE7CE585C710
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: FileHandleType
                                                                                • String ID: @
                                                                                • API String ID: 3000768030-2766056989
                                                                                • Opcode ID: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                                                • Instruction ID: a641342bac72e0d4d599b5b8def325d06ec8da1b9dacb6bddf0c355eb6a96f09
                                                                                • Opcode Fuzzy Hash: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                                                • Instruction Fuzzy Hash: 7021A722A0C78241FB609F24989013AA651EB85774F6A0336D66F0BBD4DEBDE8C1C331
                                                                                APIs
                                                                                • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7C1081D3E), ref: 00007FF7C10840BC
                                                                                • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7C1081D3E), ref: 00007FF7C1084102
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                • String ID: csm
                                                                                • API String ID: 2573137834-1018135373
                                                                                • Opcode ID: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                                                • Instruction ID: ba955d556a85313f3749310deb6beb81a2bc7781850a9c5d5bad90b046af49a5
                                                                                • Opcode Fuzzy Hash: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                                                • Instruction Fuzzy Hash: 68114232A08B4582EB109F15E44035AB7E1FB88BA4F594231EF8D47B54DF7CD596CB00
                                                                                APIs
                                                                                • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF7C106E95F,?,?,?,00007FF7C106463A,?,?,?), ref: 00007FF7C106EA63
                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7C106E95F,?,?,?,00007FF7C106463A,?,?,?), ref: 00007FF7C106EA6E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLastObjectSingleWait
                                                                                • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                • API String ID: 1211598281-2248577382
                                                                                • Opcode ID: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                                                • Instruction ID: 42275a26612e3943f7d6e0d5f6867679af4b66765b7b96a416fd422a003654b5
                                                                                • Opcode Fuzzy Hash: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                                                • Instruction Fuzzy Hash: 38E01A61E19C0281F700FF20DC62578A221BFA4770FD20331D43E811F59EACA9C98324
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2073195463.00007FF7C1051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1050000, based on PE: true
                                                                                • Associated: 00000000.00000002.2073141050.00007FF7C1050000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073381772.00007FF7C1098000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073423747.00007FF7C10B4000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2073477998.00007FF7C10BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff7c1050000_0442.jbxd
                                                                                Similarity
                                                                                • API ID: FindHandleModuleResource
                                                                                • String ID: RTL
                                                                                • API String ID: 3537982541-834975271
                                                                                • Opcode ID: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                                                • Instruction ID: 26dd5fb1ee88dcd63adbba6d3224f2b04244e4817b776c6fe8f5f64a3838311b
                                                                                • Opcode Fuzzy Hash: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                                                • Instruction Fuzzy Hash: 07D05E91F0960682FF196FB1A85933452506F59B61FCA503ACD1E06390EEACE0E8C760